Lucene search

[email protected]CVE-2009-1048

HistoryAug 14, 2009 - 3:16 p.m.

CVE-2009-1048

2009-08-1415:16:27

CWE-290

[email protected]

web.nvd.nist.gov

snom

voip

firmware

vulnerability

remote attack

authentication bypass

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON

The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header.

Affected configurations

NVD

Node

snomsnom_300_firmwareRange6.5–6.5.20

snomsnom_300_firmwareRange7.1–7.1.39

snomsnom_300_firmwareRange7.3–7.3.14

AND

snomsnom_300Match-

Node

snomsnom_320_firmwareRange6.5–6.5.20

snomsnom_320_firmwareRange7.1–7.1.39

snomsnom_320_firmwareRange7.3–7.3.14

AND

snomsnom_320Match-

Node

snomsnom_360_firmwareRange6.5–6.5.20

snomsnom_360_firmwareRange7.1–7.1.39

snomsnom_360_firmwareRange7.3–7.3.14

AND

snomsnom_360Match-

Node

snomsnom_370_firmwareRange6.5–6.5.20

snomsnom_370_firmwareRange7.1–7.1.39

snomsnom_370_firmwareRange7.3–7.3.14

AND

snomsnom_370Match-

Node

snomsnom_820_firmwareRange6.5–6.5.20

snomsnom_820_firmwareRange7.1–7.1.39

snomsnom_820_firmwareRange7.3–7.3.14

AND

snomsnom_820Match-

CPENameOperatorVersion
snom:snom_300_firmwaresnom snom 300 firmwarelt6.5.20
snom:snom_300_firmwaresnom snom 300 firmwarelt7.1.39
snom:snom_300_firmwaresnom snom 300 firmwarelt7.3.14

CPE	Name	Operator	Version
snom:snom_300_firmware	snom snom 300 firmware	lt	6.5.20
snom:snom_300_firmware	snom snom 300 firmware	lt	7.1.39
snom:snom_300_firmware	snom snom 300 firmware	lt	7.3.14

References

secunia.com/advisories/36293

www.csnc.ch/misc/files/advisories/cve-2009-1048.txt

www.securityfocus.com/archive/1/505723/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/52424

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.0%

JSON

Related for CVE-2009-1048

cvelist1 prion1 packetstorm1 nvd1 securityvulns2