Executive Summary
| Summary | |
|---|---|
| Title | Update v1.1: Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability |
| Informations | |||
|---|---|---|---|
| Name | cisco-sa-20130109-uipphone | First vendor Publication | 2013-01-09 |
| Vendor | Cisco | Last vendor Modification | 2013-01-17 |
| Severity (Vendor) | N/A | Revision | 1.1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:S/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.1 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges. This vulnerability is due to a failure to properly validate input passed to kernel system calls from applications running in userspace. An attacker could exploit this issue by gaining local access to the device using physical access or authenticated access using SSH and executing an attacker-controlled binary that is designed to exploit the issue. Such an attack would originate from an unprivileged context. Ang Cui initially reported the issue to the Cisco Product Security Incident Response Team (PSIRT). On November 6, 2012, the Cisco PSIRT disclosed this issue in Cisco bug ID CSCuc83860 Release Note Enclosure. Subsequently, Mr. Cui has spoken at several public conferences and has performed public demonstrations of a device being compromised and used as a listening device. Mitigations are available to help reduce the attack surface of affected devices. See the "Details" section of this security advisory and the accompanying Cisco Applied Mitigation Bulletin (AMB) for additional information. Update: An Engineering Special release has been made available for affected Cisco Customers that includes hardening measures to mitigate the known attack vectors for the vulnerability described in this advisory. This release is available upon request from the Cisco TAC. The release name is 9.3(1)-ES11. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone BEGIN PGP SIGNATURE Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlD4HKgACgkQUddfH3/BbTqIXwD/Vt52DZKHw+GGIE+vewkwjOJv 37T+yqiA10h9za3eP1cA/A3YBxs8TjTkrYtS/9nInHhUzZNeAGq8j5ObZ50rJr4Y =4aLv END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-09-24 | Name : The remote IP telephony device is missing a vendor-supplied patch. File : cisco-sa-20130109-uipphone.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2016-07-22 12:05:32 |
|
| 2014-02-17 10:22:07 |
|
| 2013-02-07 13:25:31 |
|
| 2013-01-17 17:21:03 |
|
| 2013-01-09 21:18:40 |
|
