CVE-2015-6403

EPSS 0.09%
Published 15.12.2015 05:59:04
Last modified 12.04.2025 10:46:40
Source psirt@cisco.com
Teams watchlist Login
Open Login

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Spa500 Firmware Version7.5.7

   Cisco ≫ Spa 500ds Version-
   Cisco ≫ Spa 500s Version-
   Cisco ≫ Spa 501g Version-
   Cisco ≫ Spa 502g Version-
   Cisco ≫ Spa 504g Version-
   Cisco ≫ Spa 508g Version-
   Cisco ≫ Spa 509g Version-
   Cisco ≫ Spa 512g Version-
   Cisco ≫ Spa 514g Version-
   Cisco ≫ Spa 525g2 Version-

Cisco ≫ Spa300 Firmware Version7.5.7

Cisco ≫ Spa 301 Version-
Cisco ≫ Spa 303 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.09%	0.267

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp

Vendor Advisory

http://www.securityfocus.com/bid/78739

http://www.securitytracker.com/id/1034376

https://nvd.nist.gov/vuln/detail/CVE-2015-6403

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-6403

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-6403

EUVD