Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series |
Informations | |||
---|---|---|---|
Name | cisco-sa-20110601-phone | First vendor Publication | 2011-05-03 |
Vendor | Cisco | Last vendor Modification | 2011-06-01 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:S/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.6 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 2.7 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco Unified IP Phones 7900 Series devices, also known as TNP phones, are affected by three vulnerabilities that could allow an attacker to elevate privileges, change phone configurations, disclose sensitive information, or load unsigned software. These three vulnerabilities are classified as two privilege escalation vulnerabilities and one signature bypass vulnerability. Cisco has released free software updates that address these vulnerabilities. There are no workarounds available to mitigate these vulnerabilities. |
Original Source
Url : http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8 (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
72719 | Cisco Unified IP Phone Image Signature Verification Local Arbitrary Image Upload |
72718 | Cisco Unified IP Phone Unspecified Local Privilege Escalation |
72717 | Cisco Unified IP Phone su Utility Local Privilege Escalation |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-06-23 | IAVM : 2011-B-0072 - Multiple Vulnerabilities in Cisco Unified IP Phones Severity : Category I - VMSKEY : V0028933 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-09-24 | Name : The remote IP telephony device is missing a vendor-supplied patch. File : cisco-sa-20110601-phone.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 10:22:00 |
|
2013-11-11 12:37:29 |
|