Freely subscribe to our NEWSLETTER

Vigil@nce - Cisco Unified IP Phone: multiple vulnerabilities

February 2015 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use several vulnerabilities of Cisco Unified IP
Phone.

Impacted products: Cisco IP Phone

Severity: 2/4

Creation date: 04/02/2015

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in Cisco Unified IP Phone.

An attacker can send a malicious packet, in order to trigger a
denial of service of the Mobility Extension. [severity:2/4;
CSCuq12139, CVE-2015-0600]

A local attacker can use a malicious command, in order to trigger
a denial of service. [severity:1/4; CSCup92790, CVE-2015-0601]

An attacker can use the Mobility Extension, in order to obtain
sensitive information. [severity:2/4; CSCuq12117, CVE-2015-0602]

A local attacker can bypass permissions, in order to trigger a
denial of service. [severity:1/4; CSCup90474, CVE-2015-0603]

An attacker can upload a malicious file, in order for example to
upload a Trojan. [severity:2/4; CSCup90424, CVE-2015-0604]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

See previous articles