Lucene search
Symantec Security ResponseSMNTC-110806HistoryNov 06, 2019 - 12:00 a.m.
Cisco Small Business SPA500 Series IP Phones CVE-2019-15959 Local Command Injection Vulnerability
2019-11-0600:00:00
Symantec Security Response
www.symantec.com
12
EPSS
0
Percentile
12.6%
Description
Cisco Small Business SPA500 Series IP Phones are prone to a local command-injection vulnerability. Local attackers can exploit this issue to execute arbitrary commands on the device in an elevated security context. This issue is being tracked by Cisco Bug ID CSCvp40755. Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior are vulnerable.
Technologies Affected
- Cisco Small Business SPA500 Series IP Phones 7.1
- Cisco Small Business SPA500 Series IP Phones 7.1.3
- Cisco Small Business SPA500 Series IP Phones 7.1.7
- Cisco Small Business SPA500 Series IP Phones 7.2
- Cisco Small Business SPA500 Series IP Phones 7.2.5
- Cisco Small Business SPA500 Series IP Phones 7.3
- Cisco Small Business SPA500 Series IP Phones 7.3.5
- Cisco Small Business SPA500 Series IP Phones 7.3.7
- Cisco Small Business SPA500 Series IP Phones 7.4
- Cisco Small Business SPA500 Series IP Phones 7.4.3
- Cisco Small Business SPA500 Series IP Phones 7.4.4
- Cisco Small Business SPA500 Series IP Phones 7.4.6
- Cisco Small Business SPA500 Series IP Phones 7.4.7
- Cisco Small Business SPA500 Series IP Phones 7.4.8
- Cisco Small Business SPA500 Series IP Phones 7.4.8a
- Cisco Small Business SPA500 Series IP Phones 7.4.9a
- Cisco Small Business SPA500 Series IP Phones 7.4.9c
- Cisco Small Business SPA500 Series IP Phones 7.5
- Cisco Small Business SPA500 Series IP Phones 7.5.1
- Cisco Small Business SPA500 Series IP Phones 7.5.2b
- Cisco Small Business SPA500 Series IP Phones 7.5.3
- Cisco Small Business SPA500 Series IP Phones 7.5.4
- Cisco Small Business SPA500 Series IP Phones 7.5.5
- Cisco Small Business SPA500 Series IP Phones 7.6.2SR5
Recommendations
Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
Permit access to systems for trusted and accountable individuals only.
Updates are available. Please see the references or vendor advisory for more information.
References
Related
cvelist
cvelist
nvd
nvd
CVE-2019-15959
2020-09-23 01:15:12
prion
prion
Command injection
2020-09-23 01:15:00
cisco
cisco
cve
cve
CVE-2019-15959
2020-09-23 01:15:12