Vigil@nce - Cisco Unified IP Phone: multiple vulnerabilities
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of Cisco Unified IP
Phone.
Impacted products: Cisco IP Phone
Severity: 2/4
Creation date: 04/02/2015
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in Cisco Unified IP Phone.
An attacker can send a malicious packet, in order to trigger a
denial of service of the Mobility Extension. [severity:2/4;
CSCuq12139, CVE-2015-0600]
A local attacker can use a malicious command, in order to trigger
a denial of service. [severity:1/4; CSCup92790, CVE-2015-0601]
An attacker can use the Mobility Extension, in order to obtain
sensitive information. [severity:2/4; CSCuq12117, CVE-2015-0602]
A local attacker can bypass permissions, in order to trigger a
denial of service. [severity:1/4; CSCup90474, CVE-2015-0603]
An attacker can upload a malicious file, in order for example to
upload a Trojan. [severity:2/4; CSCup90424, CVE-2015-0604]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Cisco-Unified-IP-Phone-multiple-vulnerabilities-16107