CVE-2011-1637
Published 2011-06-02
Priority: P4 · 10 · low · 1.5 (CVSS 2.0)
AV:L/AC:M/Au:S/C:P/I:N/A:N
EPSS: 0.27% (18.7th percentile)
Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962.
Affected
118 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | skinny_client_control_protocol_software | <= 9.1\(1\) | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
CVSS provenance
nvd · v2.0 · 1.5 LOW · AV:L/AC:M/Au:S/C:P/I:N/A:N
vendor_cisco · 1.5 LOW
GHSA
GHSA-5228-qfm2-w928: Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9
ghsa_unreviewed · 2022-05-17
Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962.
Cisco
Cisco Unified IP Phones 7900 Series Unsigned Code Installation Vulnerability
vendor_cisco · 2011-06-01 · CVSS 1.5
CVE-2011-1637 [LOW] CWE-287 Cisco Unified IP Phones 7900 Series Unsigned Code Installation Vulnerability
Cisco Unified IP Phones 7900 Series devices contain a vulnerability that could allow an authenticated, local attacker to load a software image without verification.
The vulnerability is due to insecure security checks on software images. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a software image on a targeted device.
Cisco has confirmed this vulnerability in a security advisory and has released updated software.
A potential attacker would need to authenticate to an affected device, which would likely require an attacker to gain access to an internal, trusted network. These factors could mitigate a possible attack.
Cisco indicates through the CVSS
Cisco
Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Series
vendor_cisco
Cisco Unified IP Phones 7900 Series devices, also known as TNP phones, are affected by three vulnerabilities that could allow an attacker to elevate privileges, change phone configurations, disclose sensitive information, or load unsigned software. These three vulnerabilities are classified as two privilege escalation vulnerabilities and one signature bypass vulnerability. Cisco has released software updates that address these vulnerabilities. There are no
Bug IDs: CSCtf07426, CSCtn65815, CSCtn65962
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/72719
http://secunia.com/advisories/44814/
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80111.shtml
http://www.securityfocus.com/bid/48075
http://www.securitytracker.com/id?1025588
https://exchange.xforce.ibmcloud.com/vulnerabilities/67743