CVE-2008-0529 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Unified IP Phone Overflow AND

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-3994 documents3 sources

Severity

10.0CRITICALNVD

EPSS

7.1%

top 8.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified IP Phone Overflow AND

Timeline

PublishedFeb 15

Latest updateMay 1

Description

Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶ciscocisco/unified_ip_phone_overflow_and

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-3w49-vm5v-775f: Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote a↗2022-05-01

▶

📋Vendor Advisories

Cisco

Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities↗2008-02-13

▶

Cisco

Cisco Unified IP Phone Overflow and Denial of Service Vulnerabilities↗

▶