CVE-2015-6403Improper Input Validation in Cisco Spa300 Firmware

CWE-20Improper Input Validation4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 74.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Spa300 FirmwareCisco Spa500 Firmware
Timeline
PublishedDec 15
Latest updateMay 17

Description

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-9rwf-hg9h-2rpm: The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 72022-05-17
CVEList
CVE-2015-6403: The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 72015-12-15

📋Vendor Advisories

1
Cisco
Multiple Cisco IP Phones Firmware Image Upload Vulnerability2015-12-09
CVE-2015-6403 — Improper Input Validation in Cisco | cvebase