Detections
Analytics

Cisco Unified IP Phone Use of Hard-coded Credentials (CVE-2007-1063)

critical Tenable OT Security Plugin ID 502793

Synopsis

The remote OT asset is affected by a vulnerability.

Description

The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard- coded username and password, which allows remote attackers to access the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://secunia.com/advisories/24262

http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml

http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml

http://www.securityfocus.com/bid/22647

http://www.securitytracker.com/id?1017681

http://www.vupen.com/english/advisories/2007/0689

https://exchange.xforce.ibmcloud.com/vulnerabilities/32627

Plugin Details

Severity: Critical

ID: 502793

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 12/4/2024

Updated: 12/5/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2007-1063

Vulnerability Information

CPE: cpe:/o:cisco:unified_ip_phone_firmware_7971g:8.0%284%29:sr1, cpe:/o:cisco:unified_ip_phone_firmware_7961g:8.0%284%29:sr1, cpe:/o:cisco:unified_ip_phone_firmware_7906g:8.0%284%29:sr1, cpe:/o:cisco:unified_ip_phone_firmware_7911g:8.0%284%29:sr1, cpe:/o:cisco:unified_ip_phone_firmware_7970g:8.0%284%29:sr1, cpe:/o:cisco:unified_ip_phone_firmware_7941g:8.0%284%29:sr1

Required KB Items: Tenable.ot/Cisco

Exploit Ease: No known exploits are available

Patch Publication Date: 2/22/2007

Vulnerability Publication Date: 2/22/2007

Reference Information

CVE: CVE-2007-1063

CWE: 798