PT-2012-3191 · Cisco · Cisco Unified Ip Phones 9900

Publicado

2012-05-03

Atualizado

2017-12-07

CVE-2012-1328

CVSS v2.0

4.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2

Description The issue is related to the improper handling of configuration information downloads to an RT phone, allowing local users to gain privileges via injected data.

Recommendations For firmware 9.1, update to a version that properly handles configuration information downloads. For firmware 9.2, update to a version that properly handles configuration information downloads. As a temporary workaround, consider restricting access to the configuration download feature until a patch is available.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

CVE-2012-1328

Produtos afetados

Cisco Unified Ip Phones 9900

PT-2012-3191 · Cisco · Cisco Unified Ip Phones 9900

CVE-2012-1328

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4