Sign-up

ID

VAR-202009-0514


CVE

CVE-2019-15959


TITLE

Cisco Small Business SPA500 Series IP Phones input validation error vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-57575 // CNNVD: CNNVD-201911-365

DESCRIPTION

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context

Trust: 2.16

sources: NVD: CVE-2019-15959 // JVNDB: JVNDB-2019-016047 // CNVD: CNVD-2020-57575

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-57575

AFFECTED PRODUCTS

vendor:ciscomodel:spa500 series ip phonesscope:lteversion:7.5.7\(5\)

Trust: 1.0

vendor:シスコシステムズmodel:cisco small business spa500 シリーズ ip phonescope:eqversion: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco small business spa500 シリーズ ip phonescope:eqversion:cisco small business spa500 series ip phone firmware

Trust: 0.8

vendor:ciscomodel:small business spa500 series ip phones <=7.6.2sr5scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-57575 // JVNDB: JVNDB-2019-016047 // NVD: CVE-2019-15959

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-15959
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2019-15959
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-15959
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2020-57575
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-365
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2019-15959
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2020-57575
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

ykramarz@cisco.com: CVE-2019-15959
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2019-15959
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2020-57575 // JVNDB: JVNDB-2019-016047 // CNNVD: CNNVD-201911-365 // NVD: CVE-2019-15959 // NVD: CVE-2019-15959

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

problemtype:Incorrect input confirmation (CWE-20) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2019-016047 // NVD: CVE-2019-15959

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201911-365

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201911-365

PATCH

title:cisco-sa-20191106-spa500-scripturl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-spa500-script

Trust: 0.8

title:Patch for Cisco Small Business SPA500 Series IP Phones input validation error vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/236833

Trust: 0.6

title:Cisco Small Business SPA500 Series IP Phones Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=102389

Trust: 0.6

sources: CNVD: CNVD-2020-57575 // JVNDB: JVNDB-2019-016047 // CNNVD: CNNVD-201911-365

EXTERNAL IDS

db:NVDid:CVE-2019-15959

Trust: 3.0

db:AUSCERTid:ESB-2019.4184

Trust: 1.2

db:JVNDBid:JVNDB-2019-016047

Trust: 0.8

db:CNVDid:CNVD-2020-57575

Trust: 0.6

db:CNNVDid:CNNVD-201911-365

Trust: 0.6

sources: CNVD: CNVD-2020-57575 // JVNDB: JVNDB-2019-016047 // CNNVD: CNNVD-201911-365 // NVD: CVE-2019-15959

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20191106-spa500-script

Trust: 2.2

url:https://www.auscert.org.au/bulletins/esb-2019.4184/

Trust: 1.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-15959

Trust: 0.8

sources: CNVD: CNVD-2020-57575 // JVNDB: JVNDB-2019-016047 // CNNVD: CNNVD-201911-365 // NVD: CVE-2019-15959

SOURCES

db:CNVDid:CNVD-2020-57575
db:JVNDBid:JVNDB-2019-016047
db:CNNVDid:CNNVD-201911-365
db:NVDid:CVE-2019-15959

LAST UPDATE DATE

2024-11-23T22:58:09.338000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-57575date:2020-10-20T00:00:00
db:JVNDBid:JVNDB-2019-016047date:2021-04-20T02:27:00
db:CNNVDid:CNNVD-201911-365date:2020-10-09T00:00:00
db:NVDid:CVE-2019-15959date:2024-11-21T04:29:49.480

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-57575date:2020-10-20T00:00:00
db:JVNDBid:JVNDB-2019-016047date:2021-04-20T00:00:00
db:CNNVDid:CNNVD-201911-365date:2019-11-06T00:00:00
db:NVDid:CVE-2019-15959date:2020-09-23T01:15:12.863