Executive Summary

Title Update v1.1: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability
Name cisco-sa-20130109-uipphone First vendor Publication 2013-01-09
Vendor Cisco Last vendor Modification 2013-01-17
Severity (Vendor) N/A Revision 1.1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:S/C:C/I:C/A:C)
Cvss Base Score 6.8 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.1 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores


Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges.

This vulnerability is due to a failure to properly validate input passed to kernel system calls from applications running in userspace. An attacker could exploit this issue by gaining local access to the device using physical access or authenticated access using SSH and executing an attacker-controlled binary that is designed to exploit the issue. Such an attack would originate from an unprivileged context.

Ang Cui initially reported the issue to the Cisco Product Security Incident Response Team (PSIRT). On November 6, 2012, the Cisco PSIRT disclosed this issue in Cisco bug ID CSCuc83860 Release Note Enclosure. Subsequently, Mr. Cui has spoken at several public conferences and has performed public demonstrations of a device being compromised and used as a listening device.

Mitigations are available to help reduce the attack surface of affected devices. See the "Details" section of this security advisory and the accompanying Cisco Applied Mitigation Bulletin (AMB) for additional information.

Update: An Engineering Special release has been made available for affected Cisco Customers that includes hardening measures to mitigate the known attack vectors for the vulnerability described in this advisory. This release is available upon request from the Cisco TAC. The release name is 9.3(1)-ES11.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAlD4HKgACgkQUddfH3/BbTqIXwD/Vt52DZKHw+GGIE+vewkwjOJv 37T+yqiA10h9za3eP1cA/A3YBxs8TjTkrYtS/9nInHhUzZNeAGq8j5ObZ50rJr4Y =4aLv END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

Hardware 12
Hardware 5
Os 142

Nessus® Vulnerability Scanner

Date Description
2013-09-24 Name : The remote IP telephony device is missing a vendor-supplied patch.
File : cisco-sa-20130109-uipphone.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
Date Informations
2016-07-22 12:05:32
  • Multiple Updates
2014-02-17 10:22:07
  • Multiple Updates
2013-02-07 13:25:31
  • Multiple Updates
2013-01-17 17:21:03
  • Multiple Updates
2013-01-09 21:18:40
  • First insertion