Summary
| Detail | |||
|---|---|---|---|
| Vendor | Cisco | First view | 2007-08-21 |
| Product | Skinny Client Control Protocol Software | Last view | 2012-12-28 |
| Version | 3.1(10) | Type | Os |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:o:cisco:skinny_client_control_protocol_software | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.8 | 2012-12-28 | CVE-2012-5445 | The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary. |
| 1.5 | 2011-06-02 | CVE-2011-1637 | Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962. |
| 6.6 | 2011-06-02 | CVE-2011-1603 | Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815. |
| 6.6 | 2011-06-02 | CVE-2011-1602 | The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426. |
| 7.1 | 2007-08-21 | CVE-2007-4459 | Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 60% (3) | CWE-264 | Permissions, Privileges, and Access Controls |
| 40% (2) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 72719 | Cisco Unified IP Phone Image Signature Verification Local Arbitrary Image Upload |
| 72718 | Cisco Unified IP Phone Unspecified Local Privilege Escalation |
| 72717 | Cisco Unified IP Phone su Utility Local Privilege Escalation |
| 36695 | Cisco IP Phone 79xx Crafted SIP Message Sequence Remote DoS |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2011-B-0072 | Multiple Vulnerabilities in Cisco Unified IP Phones Severity: Category I - VMSKEY: V0028933 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-09-24 | Name: The remote IP telephony device is missing a vendor-supplied patch. File: cisco-sa-20110601-phone.nasl - Type: ACT_GATHER_INFO |
| 2013-09-24 | Name: The remote IP telephony device is missing a vendor-supplied patch. File: cisco-sa-20130109-uipphone.nasl - Type: ACT_GATHER_INFO |
