Executive Summary

Summary
Title Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series
Informations
Name cisco-sa-20110601-phone First vendor Publication 2011-05-03
Vendor Cisco Last vendor Modification 2011-06-01
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Cvss Base Score 6.6 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 2.7 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Unified IP Phones 7900 Series devices, also known as TNP phones, are affected by three vulnerabilities that could allow an attacker to elevate privileges, change phone configurations, disclose sensitive information, or load unsigned software. These three vulnerabilities are classified as two privilege escalation vulnerabilities and one signature bypass vulnerability.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities.

Original Source

Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8 (...)

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Hardware 1
Os 134

Open Source Vulnerability Database (OSVDB)

Id Description
72719 Cisco Unified IP Phone Image Signature Verification Local Arbitrary Image Upload

72718 Cisco Unified IP Phone Unspecified Local Privilege Escalation

72717 Cisco Unified IP Phone su Utility Local Privilege Escalation

Information Assurance Vulnerability Management (IAVM)

Date Description
2011-06-23 IAVM : 2011-B-0072 - Multiple Vulnerabilities in Cisco Unified IP Phones
Severity : Category I - VMSKEY : V0028933

Nessus® Vulnerability Scanner

Date Description
2013-09-24 Name : The remote IP telephony device is missing a vendor-supplied patch.
File : cisco-sa-20110601-phone.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 10:22:00
  • Multiple Updates
2013-11-11 12:37:29
  • Multiple Updates