CVE-2019-15959

Name of the Vulnerable Software and Affected Versions Cisco Small Business SPA500 Series IP Phones (affected versions not specified)

Description A vulnerability in the Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The issue is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this by accessing the physical interface of a device and inserting a USB storage device, potentially allowing the execution of scripts in an elevated security context. The vulnerability is also related to insufficient input validation, which could allow an attacker to execute arbitrary code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.