Cisco Unified IP Phones 9900 Series Image Upgrade Command Injection Vulnerability

2013-10-1115:09:38

tools.cisco.com

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:S/C:C/I:C/A:C

EPSS

Percentile

5.1%

JSON

A vulnerability in the image upgrade facility of Cisco Unified IP Phones 9900 Series could allow an authenticated, local attacker to execute commands within the context of the underlying operating system.

The vulnerability is due to insufficient sanitization of input during the image upgrade process. An attacker could exploit this vulnerability by inserting shell commands into a parameter using common techniques.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker must be able to authenticate and have local access to a targeted device. These access requirements decrease the likelihood of a successful exploit.

Cisco indicates through the CVSS score that proof-of-concept exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vulners

Node

ciscounified_ip_phones_9900_series_firmwareMatchany

ciscounified_ip_phones_9951_firmwareMatch9900_series_firmware

VendorProductVersionCPE
ciscounified_ip_phones_9900_series_firmwareanycpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:any:*:*:*:*:*:*:*
ciscounified_ip_phones_9951_firmware9900_series_firmwarecpe:2.3:o:cisco:unified_ip_phones_9951_firmware:9900_series_firmware:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_ip_phones_9900_series_firmware	any	cpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:any:::::::*
cisco	unified_ip_phones_9951_firmware	9900_series_firmware	cpe:2.3:o:cisco:unified_ip_phones_9951_firmware:9900_series_firmware:::::::*