CVE-2015-6403

EPSS 0.09%
Veröffentlicht 15.12.2015 05:59:04
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Spa500 Firmware Version7.5.7

   Cisco ≫ Spa 500ds Version-
   Cisco ≫ Spa 500s Version-
   Cisco ≫ Spa 501g Version-
   Cisco ≫ Spa 502g Version-
   Cisco ≫ Spa 504g Version-
   Cisco ≫ Spa 508g Version-
   Cisco ≫ Spa 509g Version-
   Cisco ≫ Spa 512g Version-
   Cisco ≫ Spa 514g Version-
   Cisco ≫ Spa 525g2 Version-

Cisco ≫ Spa300 Firmware Version7.5.7

Cisco ≫ Spa 301 Version-
Cisco ≫ Spa 303 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.09%	0.267

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp

Vendor Advisory

http://www.securityfocus.com/bid/78739

http://www.securitytracker.com/id/1034376

https://nvd.nist.gov/vuln/detail/CVE-2015-6403

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-6403

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-6403

EUVD