Lucene search

K
cve[email protected]CVE-2013-5758
HistoryAug 03, 2014 - 6:55 p.m.

CVE-2013-5758

2014-08-0318:55:04
CWE-78
web.nvd.nist.gov
31
cve-2013-5758
remote execution
yealink
voip
sip
command injection
security vulnerability

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.1%

cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.

Affected configurations

NVD
Node
yealinksip-t38gMatch-
CPENameOperatorVersion
yealink:sip-t38gyealink sip-t38geq-

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.1 High

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.1%