This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Cisco First view 2007-08-21
Product Skinny Client Control Protocol Software Last view 2012-12-28
Version 3.1(10) Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:cisco:skinny_client_control_protocol_software

Activity : Overall

Related : CVE

  Date Alert Description
6.8 2012-12-28 CVE-2012-5445

The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.

1.5 2011-06-02 CVE-2011-1637

Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962.

6.6 2011-06-02 CVE-2011-1603

Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815.

6.6 2011-06-02 CVE-2011-1602

The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426.

7.1 2007-08-21 CVE-2007-4459

Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages.

CWE : Common Weakness Enumeration

%idName
60% (3) CWE-264 Permissions, Privileges, and Access Controls
40% (2) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
72719 Cisco Unified IP Phone Image Signature Verification Local Arbitrary Image Upload
72718 Cisco Unified IP Phone Unspecified Local Privilege Escalation
72717 Cisco Unified IP Phone su Utility Local Privilege Escalation
36695 Cisco IP Phone 79xx Crafted SIP Message Sequence Remote DoS

Information Assurance Vulnerability Management (IAVM)

id Description
2011-B-0072 Multiple Vulnerabilities in Cisco Unified IP Phones
Severity: Category I - VMSKEY: V0028933

Nessus® Vulnerability Scanner

id Description
2013-09-24 Name: The remote IP telephony device is missing a vendor-supplied patch.
File: cisco-sa-20110601-phone.nasl - Type: ACT_GATHER_INFO
2013-09-24 Name: The remote IP telephony device is missing a vendor-supplied patch.
File: cisco-sa-20130109-uipphone.nasl - Type: ACT_GATHER_INFO