Sign-up

ID

VAR-201512-0410


CVE

CVE-2015-6403


TITLE

plural Cisco Small Business SPA Phone TFTP Implementation of a Trojan image loaded vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-006445

DESCRIPTION

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. Multiple Cisco IP Phones are prone to a local arbitrary file-upload vulnerability. A local attacker may leverage this issue to upload arbitrary files to the affected device. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCut67400. Cisco Small Business SPA30x, SPA50x and SPA51x are the S series IP telephone products of Cisco (Cisco). The vulnerability is caused by the fact that the program does not correctly verify the integrity of the firmware-image file. The following products are affected: Cisco SPA30X Series IP Phones, SPA50X Series IP Phones, SPA51X Series IP Phones

Trust: 1.98

sources: NVD: CVE-2015-6403 // JVNDB: JVNDB-2015-006445 // BID: 78739 // VULHUB: VHN-84364

AFFECTED PRODUCTS

vendor:ciscomodel:spa500scope:eqversion:7.5.7

Trust: 1.6

vendor:ciscomodel:spa300scope:eqversion:7.5.7

Trust: 1.6

vendor:ciscomodel:small business spa300 series ip phonescope:eqversion:7.5.7

Trust: 0.8

vendor:ciscomodel:small business spa500 series ip phonescope:eqversion:7.5.7

Trust: 0.8

sources: JVNDB: JVNDB-2015-006445 // CNNVD: CNNVD-201512-175 // NVD: CVE-2015-6403

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6403
value: HIGH

Trust: 1.0

NVD: CVE-2015-6403
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201512-175
value: HIGH

Trust: 0.6

VULHUB: VHN-84364
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6403
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84364
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84364 // JVNDB: JVNDB-2015-006445 // CNNVD: CNNVD-201512-175 // NVD: CVE-2015-6403

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-84364 // JVNDB: JVNDB-2015-006445 // NVD: CVE-2015-6403

THREAT TYPE

local

Trust: 0.9

sources: BID: 78739 // CNNVD: CNNVD-201512-175

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201512-175

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006445

PATCH
title:cisco-sa-20151209-ippurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp
Trust: 0.8
title:Multiple Cisco IP Phones Fixes for product file upload vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59033
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-006445 // 
            
            
            
            CNNVD: CNNVD-201512-175

EXTERNAL IDS
db:NVDid:CVE-2015-6403
Trust: 2.8
db:BIDid:78739
Trust: 2.0
db:SECTRACKid:1034376
Trust: 1.1
db:JVNDBid:JVNDB-2015-006445
Trust: 0.8
db:CNNVDid:CNNVD-201512-175
Trust: 0.7
db:VULHUBid:VHN-84364
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84364 // 
            
            
            
            BID: 78739 // 
            
            
            
            JVNDB: JVNDB-2015-006445 // 
            
            
            
            CNNVD: CNNVD-201512-175 // 
            
            
            
            NVD: CVE-2015-6403

REFERENCES
url:http://www.securityfocus.com/bid/78739
Trust: 1.7
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ipp
Trust: 1.7
url:http://www.securitytracker.com/id/1034376
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6403
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6403
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84364 // 
            
            
            
            BID: 78739 // 
            
            
            
            JVNDB: JVNDB-2015-006445 // 
            
            
            
            CNNVD: CNNVD-201512-175 // 
            
            
            
            NVD: CVE-2015-6403

CREDITS
Cisco
Trust: 0.9
sources:
            
            
            BID: 78739 // 
            
            
            
            CNNVD: CNNVD-201512-175

SOURCES
db:VULHUBid:VHN-84364
db:BIDid:78739
db:JVNDBid:JVNDB-2015-006445
db:CNNVDid:CNNVD-201512-175
db:NVDid:CVE-2015-6403

LAST UPDATE DATE
2024-11-23T22:52:42.146000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84364date:2016-12-07T00:00:00
db:BIDid:78739date:2015-12-09T00:00:00
db:JVNDBid:JVNDB-2015-006445date:2015-12-18T00:00:00
db:CNNVDid:CNNVD-201512-175date:2015-12-16T00:00:00
db:NVDid:CVE-2015-6403date:2024-11-21T02:34:56.100

SOURCES RELEASE DATE
db:VULHUBid:VHN-84364date:2015-12-15T00:00:00
db:BIDid:78739date:2015-12-09T00:00:00
db:JVNDBid:JVNDB-2015-006445date:2015-12-18T00:00:00
db:CNNVDid:CNNVD-201512-175date:2015-12-10T00:00:00
db:NVDid:CVE-2015-6403date:2015-12-15T05:59:04.853