SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (VoIP/Phone/FAX)  >   Cisco IP Phones Vendors:   Cisco
Cisco Small Business SPA300/SPA500 IP Phones Authentication Flaw Lets Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1030552
SecurityTracker URL:  http://securitytracker.com/id/1030552
CVE Reference:   CVE-2014-3312   (Links to External Site)
Date:  Jul 11 2014
Impact:   Root access via local system, User access via local system
Vendor Confirmed:  Yes  
Version(s): SPA300 and SPA500 Series
Description:   A vulnerability was reported in Cisco Small Business SPA300/SPA500 IP Phones. A local user can obtain elevated privileges on the target system.

A local user can send specially crafted commands to exploit an authentication flaw in the debug console to access the debug shell and file system on the target phone. The user can execute arbitrary commands and access system memory with elevated privileges.

The Cisco Small Business SPA300 and SPA500 series phones are affected.

The vendor has assigned bug ID CSCun77435 to this vulnerability.

Impact:   A local user can obtain elevated privileges on the target system.
Solution:   No solution was available at the time of this entry.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3312

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3312 (Links to External Site)
Cause:   Authentication error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC