Cisco Unified IP Phone 9900 Series Data Disclosure (CVE-2015-0602)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502087);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/18");

  script_cve_id("CVE-2015-0602");

  script_name(english:"Cisco Unified IP Phone 9900 Series Data Disclosure (CVE-2015-0602)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The mobility extension on Cisco Unified IP 9900 phones with firmware
9.4(.1) and earlier allows remote attackers to obtain sensitive
information by sniffing the network, aka Bug ID CSCuq12117.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150204-CVE-2015-0602
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ab795059");
  script_set_attribute(attribute:"see_also", value:"http://tools.cisco.com/security/center/viewAlert.x?alertId=37342");
  script_set_attribute(attribute:"see_also", value:"http://www.securityfocus.com/bid/72482");
  script_set_attribute(attribute:"see_also", value:"https://exchange.xforce.ibmcloud.com/vulnerabilities/100615");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-0602");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(200);

  script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/02/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phones_9900_series_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Cisco');

var asset = tenable_ot::assets::get(vendor:'Cisco');

var vuln_cpes = {
    "cpe:/o:cisco:unified_ip_phones_9900_series_firmware" :
        {"versionEndIncluding" : "9.4(1)", "family" : "CiscoIPPhones"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);