Unrated severityNVD Advisory· Published Feb 22, 2007· Updated Apr 23, 2026

CVE-2007-1062

Description

The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time

Affected products

Cisco Systems, Inc./Unified Ip Conference Station 7935 Firmware
cpe:2.3:o:cisco:unified_ip_conference_station_7935_firmware:*:*:*:*:*:*:*:*
Range: <=3.2\(15\)
Cisco Systems, Inc./Unified Ip Conference Station Firmware 7936
cpe:2.3:o:cisco:unified_ip_conference_station_firmware_7936:*:*:*:*:*:*:*:*
Range: <=3.3\(12\)

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtmlnvdPatchVendor Advisory
secunia.com/advisories/24262nvdVendor Advisory
securitytracker.com/idnvdThird Party AdvisoryVDB Entry
www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtmlnvdVendor Advisory
www.securityfocus.com/bid/22647nvdThird Party AdvisoryVDB Entry
www.vupen.com/english/advisories/2007/0688nvdVendor Advisory
osvdb.org/45245nvdBroken Link
exchange.xforce.ibmcloud.com/vulnerabilities/32623nvdVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000