CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:N/I:N/A:C
AI Score
Confidence
High
EPSS
Percentile
5.1%
Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone’s filesystem, aka Bug ID CSCup90474.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | unified_ip_phones_9900_series_firmware | * | cpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:*:*:*:*:*:*:*:* |
cisco | unified_ip_phone_9951 | * | cpe:2.3:h:cisco:unified_ip_phone_9951:*:*:*:*:*:*:*:* |
cisco | unified_ip_phone_9971 | * | cpe:2.3:h:cisco:unified_ip_phone_9971:*:*:*:*:*:*:*:* |