6.8
CVE-2012-5445
- EPSS 0.36%
- Veröffentlicht 28.12.2012 11:48:44
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
LoginThe kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Skinny Client Control Protocol Software Version <= 9.2\(4\)
Cisco ≫ Skinny Client Control Protocol Software Version3.0
Cisco ≫ Skinny Client Control Protocol Software Version3.1
Cisco ≫ Skinny Client Control Protocol Software Version3.2
Cisco ≫ Skinny Client Control Protocol Software Version8.70
Cisco ≫ Unified Ip Phone Version7906g
Cisco ≫ Unified Ip Phone Version7911g
Cisco ≫ Unified Ip Phone Version7935
Cisco ≫ Unified Ip Phone Version7936
Cisco ≫ Unified Ip Phone Version7940
Cisco ≫ Unified Ip Phone Version7940g
Cisco ≫ Unified Ip Phone Version7941g
Cisco ≫ Unified Ip Phone Version7960
Cisco ≫ Unified Ip Phone Version7960g
Cisco ≫ Unified Ip Phone Version7961g
Cisco ≫ Unified Ip Phone Version7970g
Cisco ≫ Unified Ip Phone Version7971g
Cisco ≫ Unified Ip Phone 7906g Version7911g
Cisco ≫ Unified Ip Phone 7906g Version7941g
Cisco ≫ Unified Ip Phone 7906g Version7961g
Cisco ≫ Unified Ip Phone 7906g Version7970g
Cisco ≫ Unified Ip Phone 7906g Version7971g
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.574 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 3.1 | 10 |
AV:L/AC:L/Au:S/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.