Lucene search

CiscoCVELIST:CVE-2019-15959

HistorySep 23, 2020 - 12:27 a.m.

CVE-2019-15959 Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability

2020-09-2300:27:21

CWE-20

cisco

www.cve.org

cisco

ip phones

vulnerability

script execution

usb

security context

CVSS3

6.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

12.6%

JSON

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.

CNA Affected

[
  {
    "product": "Cisco SPA525G2 5-line IP Phone",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-spa500-script

CVSS3

6.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

12.6%

JSON

Related for CVELIST:CVE-2019-15959