CVE-2012-5445
Published 2012-12-28
Priority: P4 28 · medium · 6.8 (CVSS 2.0)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
EPSS: 0.40% (31.8th percentile)
The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.
Affected
139 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | skinny_client_control_protocol_software | <= 9.2\(4\) | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
| cisco | skinny_client_control_protocol_software | — | — |
CVSS provenance
nvd·v2.0·6.8·MEDIUM·AV:L/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco·6.8·MEDIUM
GHSA
ghsa_unreviewed·2022-05-17
CVE-2012-5445 [MEDIUM] CWE-20 GHSA-hgxc-4qm5-pjgr: The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9
The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.
Cisco
Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability
vendor_cisco·2013-01-10·CVSS 6.8
CVE-2012-5445 [MEDIUM] CWE-20 Cisco Unified IP Phone Local Kernel System Call Input Validation Vulnerability
Cisco Unified IP Phones 7900 Series versions 9.3(1)SR1 and prior contain an arbitrary code execution vulnerability that could allow a local attacker to execute code or modify arbitrary memory with elevated privileges.
This vulnerability is due to a failure to properly validate input passed to kernel system calls from applications running in userspace. An attacker could exploit this issue by gaining local access to the device using physical access or authenticated access using SSH and executing an attacker-controlled binary that is designed to exploit the issue. Such an attack would originate from an unprivileged context.
Ang Cui initially reported the issue to the Cisco Product Security Incident Response Team
Cisco
Cisco Unified IP Phones Local Kernel System Call Input Validation Vulnerability
vendor_cisco·2013-01-09·CVSS 6.8
CVE-2012-5445 [MEDIUM] CWE-20 Cisco Unified IP Phones Local Kernel System Call Input Validation Vulnerability
Cisco has confirmed the vulnerability in a security advisory and released updated softwa
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://events.ccc.de/congress/2012/Fahrplan/events/5400.en.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone
Published: 2012-12-28