Summary
Detail | |||
---|---|---|---|
Vendor | Cisco | First view | 2007-08-21 |
Product | Skinny Client Control Protocol Software | Last view | 2012-12-28 |
Version | 3.1(10) | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:cisco:skinny_client_control_protocol_software |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
6.8 | 2012-12-28 | CVE-2012-5445 | The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary. |
1.5 | 2011-06-02 | CVE-2011-1637 | Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962. |
6.6 | 2011-06-02 | CVE-2011-1603 | Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815. |
6.6 | 2011-06-02 | CVE-2011-1602 | The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426. |
7.1 | 2007-08-21 | CVE-2007-4459 | Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE message that contains a remote tag, followed by a certain set of two related SIP OPTIONS messages. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
60% (3) | CWE-264 | Permissions, Privileges, and Access Controls |
40% (2) | CWE-20 | Improper Input Validation |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
72719 | Cisco Unified IP Phone Image Signature Verification Local Arbitrary Image Upload |
72718 | Cisco Unified IP Phone Unspecified Local Privilege Escalation |
72717 | Cisco Unified IP Phone su Utility Local Privilege Escalation |
36695 | Cisco IP Phone 79xx Crafted SIP Message Sequence Remote DoS |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2011-B-0072 | Multiple Vulnerabilities in Cisco Unified IP Phones Severity: Category I - VMSKEY: V0028933 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2013-09-24 | Name: The remote IP telephony device is missing a vendor-supplied patch. File: cisco-sa-20110601-phone.nasl - Type: ACT_GATHER_INFO |
2013-09-24 | Name: The remote IP telephony device is missing a vendor-supplied patch. File: cisco-sa-20130109-uipphone.nasl - Type: ACT_GATHER_INFO |