PT-2015-7228 · Cisco · Cisco Small Business Spa51X+2

Publicado

2015-12-15

Atualizado

2016-12-07

CVE-2015-6403

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Cisco Small Business SPA30x, SPA50x, SPA51x phones version 7.5.7

Description The issue is related to the TFTP implementation, which fails to properly validate the integrity of firmware-image files. This allows local users with shell access to load malicious firmware images.

Recommendations For version 7.5.7, update to a newer version that contains a fix for this issue, as the current version allows local users to load Trojan horse images by exploiting the improper validation of firmware-image file integrity.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2015-6403

Produtos afetados

Cisco Small Business Spa30X

Cisco Small Business Spa50X

Cisco Small Business Spa51X

PT-2015-7228 · Cisco · Cisco Small Business Spa51X+2

CVE-2015-6403

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4