CVE-2007-1072

The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063.

CVSS v2.0 7.2 HIGH

7.2^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/33064	Broken Link
http://secunia.com/advisories/24262	Vendor Advisory
http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml	Vendor Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/22647	Third Party Advisory VDB Entry
http://osvdb.org/33064	Broken Link
http://secunia.com/advisories/24262	Vendor Advisory
http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml	Vendor Advisory
http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml	Patch Vendor Advisory
http://www.securityfocus.com/bid/22647	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:unified_ip_phone_firmware_7906g:8.0\(4\):sr1:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:unified_ip_phone_firmware_7911g:8.0\(4\):sr1:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:unified_ip_phone_firmware_7941g:8.0\(4\):sr1:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:cisco:unified_ip_phone_firmware_7961g:8.0\(4\):sr1:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:cisco:unified_ip_phone_firmware_7970g:8.0\(4\):sr1:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_ip_phone_7970g:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:cisco:unified_ip_phone_firmware_7971g:8.0\(4\):sr1:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_ip_phone_7971g:-:*:*:*:*:*:*:*

History

21 Nov 2024, 00:27

Type	Values Removed	Values Added
References	~~() http://osvdb.org/33064 - Broken Link~~	() http://osvdb.org/33064 - Broken Link
References	~~() http://secunia.com/advisories/24262 - Vendor Advisory~~	() http://secunia.com/advisories/24262 - Vendor Advisory
References	~~() http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml - Vendor Advisory~~	() http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml - Vendor Advisory
References	~~() http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml - Patch, Vendor Advisory~~	() http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml - Patch, Vendor Advisory
References	~~() http://www.securityfocus.com/bid/22647 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/22647 - Third Party Advisory, VDB Entry

Information

Published : 2007-02-22 22:28

Updated : 2025-04-09 00:30

NVD link : CVE-2007-1072

Mitre link : CVE-2007-1072

CVE.ORG link : CVE-2007-1072

JSON object : View

Products Affected

cisco

unified_ip_phone_7911g
unified_ip_phone_7971g
unified_ip_phone_firmware_7970g
unified_ip_phone_7970g
unified_ip_phone_firmware_7911g
unified_ip_phone_firmware_7961g
unified_ip_phone_firmware_7906g
unified_ip_phone_7941g
unified_ip_phone_7906g
unified_ip_phone_firmware_7971g
unified_ip_phone_firmware_7941g
unified_ip_phone_7961g

CWE

CWE-264

Permissions, Privileges, and Access Controls

7.2 /10