Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0604

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-0604
Last Modified 19 Feb 2015 02:24:52
Published 06 Feb 2015 11:59:07
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0604

Summary

The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424.

Vulnerable Systems

Operating System

  • Cisco Unified Ip Phones 9900 Series Firmware 9.4%28.1%29

  • Cisco Unified Ip Phones 9951 Firmware 9.4%28.1%29

  • Cisco Unified Ip Phones 9971 Firmware 9.4%28.1%29


References

CONFIRM - http://tools.cisco.com/security/center/viewAlert.x?alertId=37346

CISCO - 20150203 Cisco Unified IP Phone 9900 Series Arbitrary File Upload Vulnerability

XF - cisco-unifiedipphone-cve20150604-file-upload(100620)

BID - 72485

SECUNIA - 62761


Last Updated: 27 May 2016 11:07:52