7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.004 Low
EPSS
Percentile
72.1%
A vulnerability in PNG image processing of the Cisco Unified IP Phone 8945 running software version 9.3(2) could allow an unauthenticated, remote attacker to cause the phone to lock up.
The vulnerability is due to incorrect processing of malformed PNG images. An attacker could exploit this vulnerability by placing a malicious PNG image on the HTTP Server from which the phone requests XML files. A successful exploit could allow the attacker to cause the phone to lock up.
Cisco has confirmed the vulnerability in a security notice and software updates are available.
To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks and access to the HTTP server on the network that serves resources to an affected device. These access requirements limits the likelihood of a successful exploit.
CPE | Name | Operator | Version |
---|---|---|---|
cisco unified ip phone 8945 | eq | any | |
cisco unified ip phone | eq | 8945 |