Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_CISCO_CVE-2011-1603.NASLHistoryMar 18, 2024 - 12:00 a.m.
Cisco Unified IP Phones 7900 Permissions, Privileges, and Access Controls (CVE-2011-1603)
2024-03-1800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
cisco unified ip phones
7900 devices
software
local users
privileges
unspecified vectors
cve-2011-1603
tenable.ot
vulnerability
cisco
access controls
permissions
6.9 Medium
AI Score
Confidence
Low
Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(502138);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/18");
script_cve_id("CVE-2011-1603");
script_xref(name:"OSVDB", value:"72718");
script_xref(name:"SECUNIA", value:"44814");
script_name(english:"Cisco Unified IP Phones 7900 Permissions, Privileges, and Access Controls (CVE-2011-1603)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Cisco Unified IP Phones 7900 devices (aka TNP phones) with software
before 9.2.1 allow local users to gain privileges via unspecified
vectors, aka Bug ID CSCtn65815.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"http://osvdb.org/72718");
script_set_attribute(attribute:"see_also", value:"http://secunia.com/advisories/44814/");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20110601-phone
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83d314f6");
script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/48079");
script_set_attribute(attribute:"see_also", value:"http://www.securitytracker.com/id?1025588");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2011-1603");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(264);
script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/02");
script_set_attribute(attribute:"patch_publication_date", value:"2011/06/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7906");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7911g");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7931g");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7941g");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7941g-ge");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7942g");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7945g");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7961g");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7961g-ge");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7962g");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7965g");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7970g");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7971g-ge");
script_set_attribute(attribute:"cpe", value:"cpe:/h:cisco:unified_ip_phone_7975g");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Cisco");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Cisco');
var asset = tenable_ot::assets::get(vendor:'Cisco');
var vuln_cpes = {
"cpe:/h:cisco:unified_ip_phone_7906" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"},
"cpe:/h:cisco:unified_ip_phone_7911g" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"},
"cpe:/h:cisco:unified_ip_phone_7931g" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"},
"cpe:/h:cisco:unified_ip_phone_7941g" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"},
"cpe:/h:cisco:unified_ip_phone_7941g-ge" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"},
"cpe:/h:cisco:unified_ip_phone_7942g" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"},
"cpe:/h:cisco:unified_ip_phone_7945g" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"},
"cpe:/h:cisco:unified_ip_phone_7961g" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"},
"cpe:/h:cisco:unified_ip_phone_7961g-ge" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"},
"cpe:/h:cisco:unified_ip_phone_7962g" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"},
"cpe:/h:cisco:unified_ip_phone_7965g" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"},
"cpe:/h:cisco:unified_ip_phone_7970g" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"},
"cpe:/h:cisco:unified_ip_phone_7971g-ge" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"},
"cpe:/h:cisco:unified_ip_phone_7975g" :
{"family" : "CiscoIPPhones", "versionEndExcluding" : "9.2.1"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | unified_ip_phone_7906 | cpe:/h:cisco:unified_ip_phone_7906 | |
| cisco | unified_ip_phone_7911g | cpe:/h:cisco:unified_ip_phone_7911g | |
| cisco | unified_ip_phone_7931g | cpe:/h:cisco:unified_ip_phone_7931g | |
| cisco | unified_ip_phone_7941g | cpe:/h:cisco:unified_ip_phone_7941g | |
| cisco | unified_ip_phone_7941g-ge | cpe:/h:cisco:unified_ip_phone_7941g-ge | |
| cisco | unified_ip_phone_7942g | cpe:/h:cisco:unified_ip_phone_7942g | |
| cisco | unified_ip_phone_7945g | cpe:/h:cisco:unified_ip_phone_7945g | |
| cisco | unified_ip_phone_7961g | cpe:/h:cisco:unified_ip_phone_7961g | |
| cisco | unified_ip_phone_7961g-ge | cpe:/h:cisco:unified_ip_phone_7961g-ge | |
| cisco | unified_ip_phone_7962g | cpe:/h:cisco:unified_ip_phone_7962g |
Related
cve
cve
CVE-2011-1603
2011-06-02 20:55:00
cvelist
cvelist
CVE-2011-1603
2011-06-02 20:00:00
prion
prion
Command injection
2011-06-02 20:55:00
nessus
nessus
Cisco Unified IP Phones Multiple Vulnerabilities (cisco-sa-20110601-phone)
2013-09-24 00:00:00
securityvulns
securityvulns
Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series
2011-06-02 00:00:00
Cisco Unified IP Phones 7900 series security vulnerabilites
2011-06-02 00:00:00