Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for unified_ip_phone by cisco

    CVE-2012-5445 (GCVE-0-2012-5445)

    Vulnerability from nvd – Published: 2012-12-28 11:00 – Updated: 2024-08-06 21:05
    VLAI
    Summary
    The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-12-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:05:47.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20130109 Cisco Unified IP Phones Local Kernel System Call Input Validation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://events.ccc.de/congress/2012/Fahrplan/events/5400.en.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-07T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20130109 Cisco Unified IP Phones Local Kernel System Call Input Validation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://events.ccc.de/congress/2012/Fahrplan/events/5400.en.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2012-5445",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20130109 Cisco Unified IP Phones Local Kernel System Call Input Validation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone"
                },
                {
                  "name": "http://events.ccc.de/congress/2012/Fahrplan/events/5400.en.html",
                  "refsource": "MISC",
                  "url": "http://events.ccc.de/congress/2012/Fahrplan/events/5400.en.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2012-5445",
        "datePublished": "2012-12-28T11:00:00.000Z",
        "dateReserved": "2012-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:05:47.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1328 (GCVE-0-2012-1328)

    Vulnerability from nvd – Published: 2012-05-03 23:00 – Updated: 2024-08-06 18:53
    VLAI
    Summary
    Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-04-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:53:37.126Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html"
              },
              {
                "name": "cisco-unified-rt-priv-esc(75412)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75412"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-06T21:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html"
            },
            {
              "name": "cisco-unified-rt-priv-esc(75412)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75412"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2012-1328",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html"
                },
                {
                  "name": "cisco-unified-rt-priv-esc(75412)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75412"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2012-1328",
        "datePublished": "2012-05-03T23:00:00.000Z",
        "dateReserved": "2012-02-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:53:37.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6190 (GCVE-0-2007-6190)

    Vulnerability from nvd – Published: 2007-11-30 01:00 – Updated: 2024-08-07 15:54
    VLAI
    Summary
    The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/26668 vdb-entryx_refsource_BID
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://securitytracker.com/id?1019006 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/27829 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/40874 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2007/4036 vdb-entryx_refsource_VUPEN
    http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf x_refsource_MISC
    Date Public
    2007-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:54:27.074Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26668",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26668"
              },
              {
                "name": "20071128 Cisco Unified IP Phone Remote Eavesdropping",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
              },
              {
                "name": "1019006",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019006"
              },
              {
                "name": "27829",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27829"
              },
              {
                "name": "40874",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/40874"
              },
              {
                "name": "ADV-2007-4036",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/4036"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-12-06T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26668",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26668"
            },
            {
              "name": "20071128 Cisco Unified IP Phone Remote Eavesdropping",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
            },
            {
              "name": "1019006",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019006"
            },
            {
              "name": "27829",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27829"
            },
            {
              "name": "40874",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/40874"
            },
            {
              "name": "ADV-2007-4036",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/4036"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6190",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26668",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26668"
                },
                {
                  "name": "20071128 Cisco Unified IP Phone Remote Eavesdropping",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
                },
                {
                  "name": "1019006",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019006"
                },
                {
                  "name": "27829",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27829"
                },
                {
                  "name": "40874",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/40874"
                },
                {
                  "name": "ADV-2007-4036",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/4036"
                },
                {
                  "name": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf",
                  "refsource": "MISC",
                  "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6190",
        "datePublished": "2007-11-30T01:00:00.000Z",
        "dateReserved": "2007-11-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:54:27.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-5445 (GCVE-0-2012-5445)

    Vulnerability from cvelistv5 – Published: 2012-12-28 11:00 – Updated: 2024-08-06 21:05
    VLAI
    Summary
    The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-12-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:05:47.223Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20130109 Cisco Unified IP Phones Local Kernel System Call Input Validation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://events.ccc.de/congress/2012/Fahrplan/events/5400.en.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-12-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-02-07T10:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20130109 Cisco Unified IP Phones Local Kernel System Call Input Validation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://events.ccc.de/congress/2012/Fahrplan/events/5400.en.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2012-5445",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20130109 Cisco Unified IP Phones Local Kernel System Call Input Validation Vulnerability",
                  "refsource": "CISCO",
                  "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone"
                },
                {
                  "name": "http://events.ccc.de/congress/2012/Fahrplan/events/5400.en.html",
                  "refsource": "MISC",
                  "url": "http://events.ccc.de/congress/2012/Fahrplan/events/5400.en.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2012-5445",
        "datePublished": "2012-12-28T11:00:00.000Z",
        "dateReserved": "2012-10-17T00:00:00.000Z",
        "dateUpdated": "2024-08-06T21:05:47.223Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-1328 (GCVE-0-2012-1328)

    Vulnerability from cvelistv5 – Published: 2012-05-03 23:00 – Updated: 2024-08-06 18:53
    VLAI
    Summary
    Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2012-04-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T18:53:37.126Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html"
              },
              {
                "name": "cisco-unified-rt-priv-esc(75412)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75412"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-04-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-06T21:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html"
            },
            {
              "name": "cisco-unified-rt-priv-esc(75412)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75412"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "ID": "CVE-2012-1328",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html"
                },
                {
                  "name": "cisco-unified-rt-priv-esc(75412)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75412"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2012-1328",
        "datePublished": "2012-05-03T23:00:00.000Z",
        "dateReserved": "2012-02-27T00:00:00.000Z",
        "dateUpdated": "2024-08-06T18:53:37.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-6190 (GCVE-0-2007-6190)

    Vulnerability from cvelistv5 – Published: 2007-11-30 01:00 – Updated: 2024-08-07 15:54
    VLAI
    Summary
    The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/26668 vdb-entryx_refsource_BID
    http://www.cisco.com/en/US/products/products_secu… vendor-advisoryx_refsource_CISCO
    http://securitytracker.com/id?1019006 vdb-entryx_refsource_SECTRACK
    http://secunia.com/advisories/27829 third-party-advisoryx_refsource_SECUNIA
    http://osvdb.org/40874 vdb-entryx_refsource_OSVDB
    http://www.vupen.com/english/advisories/2007/4036 vdb-entryx_refsource_VUPEN
    http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf x_refsource_MISC
    Date Public
    2007-11-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:54:27.074Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "26668",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/26668"
              },
              {
                "name": "20071128 Cisco Unified IP Phone Remote Eavesdropping",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
              },
              {
                "name": "1019006",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019006"
              },
              {
                "name": "27829",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27829"
              },
              {
                "name": "40874",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/40874"
              },
              {
                "name": "ADV-2007-4036",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/4036"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-11-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2007-12-06T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "26668",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/26668"
            },
            {
              "name": "20071128 Cisco Unified IP Phone Remote Eavesdropping",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
            },
            {
              "name": "1019006",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019006"
            },
            {
              "name": "27829",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27829"
            },
            {
              "name": "40874",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/40874"
            },
            {
              "name": "ADV-2007-4036",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/4036"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-6190",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "26668",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/26668"
                },
                {
                  "name": "20071128 Cisco Unified IP Phone Remote Eavesdropping",
                  "refsource": "CISCO",
                  "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html"
                },
                {
                  "name": "1019006",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019006"
                },
                {
                  "name": "27829",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27829"
                },
                {
                  "name": "40874",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/40874"
                },
                {
                  "name": "ADV-2007-4036",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/4036"
                },
                {
                  "name": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf",
                  "refsource": "MISC",
                  "url": "http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-6190",
        "datePublished": "2007-11-30T01:00:00.000Z",
        "dateReserved": "2007-11-29T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:54:27.074Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }