CVE-2012-1328

2012-05-0323:55:01

CWE-94

[email protected]

web.nvd.nist.gov

cisco

ip phones

9900 series

firmware

privilege escalation

injected data

cve-2012-1328

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.7 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.

Affected configurations

NVD

Node

ciscounified_ip_phoneMatch9900

ciscounified_ip_phone_firmwareMatch9.1

ciscounified_ip_phone_firmwareMatch9.2

CPENameOperatorVersion
cisco:unified_ip_phonecisco unified ip phoneeq9900
cisco:unified_ip_phone_firmwarecisco unified ip phone firmwareeq9.1
cisco:unified_ip_phone_firmwarecisco unified ip phone firmwareeq9.2

CPE	Name	Operator	Version
cisco:unified_ip_phone	cisco unified ip phone	eq	9900
cisco:unified_ip_phone_firmware	cisco unified ip phone firmware	eq	9.1
cisco:unified_ip_phone_firmware	cisco unified ip phone firmware	eq	9.2