CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C
EPSS
Percentile
64.8%
A vulnerability in Cisco Unified IP Phone 9951, Cisco Unified IP Phone 9971, and Cisco Unified IP Phone 8961 could allow an authenticated, local attacker to fully compromise the affected device.
The vulnerability is due to insecure file permissions on memory block devices. An attacker could exploit this vulnerability by mounting a malicious filesystem that contains an attacker-controlled SUID binary. An exploit could allow the attacker to take complete control of the affected device.
Cisco would like to thank Red Balloon Security for reporting this vulnerability.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker must have local access to the targeted device. This access requirement decreases the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | unified_ip_phones_9900_series_firmware | any | cpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:any:*:*:*:*:*:*:* |
cisco | unified_ip_phones_9951_firmware | 9900_series_firmware | cpe:2.3:o:cisco:unified_ip_phones_9951_firmware:9900_series_firmware:*:*:*:*:*:*:* |