6.8
CVE-2012-5445
- EPSS 0.36%
- Published 28.12.2012 11:48:44
- Last modified 11.04.2025 00:51:21
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Skinny Client Control Protocol Software Version <= 9.2\(4\)
Cisco ≫ Skinny Client Control Protocol Software Version3.0
Cisco ≫ Skinny Client Control Protocol Software Version3.1
Cisco ≫ Skinny Client Control Protocol Software Version3.2
Cisco ≫ Skinny Client Control Protocol Software Version8.70
Cisco ≫ Unified Ip Phone Version7906g
Cisco ≫ Unified Ip Phone Version7911g
Cisco ≫ Unified Ip Phone Version7935
Cisco ≫ Unified Ip Phone Version7936
Cisco ≫ Unified Ip Phone Version7940
Cisco ≫ Unified Ip Phone Version7940g
Cisco ≫ Unified Ip Phone Version7941g
Cisco ≫ Unified Ip Phone Version7960
Cisco ≫ Unified Ip Phone Version7960g
Cisco ≫ Unified Ip Phone Version7961g
Cisco ≫ Unified Ip Phone Version7970g
Cisco ≫ Unified Ip Phone Version7971g
Cisco ≫ Unified Ip Phone 7906g Version7911g
Cisco ≫ Unified Ip Phone 7906g Version7941g
Cisco ≫ Unified Ip Phone 7906g Version7961g
Cisco ≫ Unified Ip Phone 7906g Version7970g
Cisco ≫ Unified Ip Phone 7906g Version7971g
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.574 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 3.1 | 10 |
AV:L/AC:L/Au:S/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.