Input Validation Flaw in Cisco Unified IP Phones by Cisco
CVE-2012-5445

Currently unrated

Key Information:

Vendor
Cisco
Status
Skinny Client Control Protocol Software
Unified Ip Phone
Unified Ip Phone 7906g
Vendor
CVE Published:
28 December 2012

Summary

The kernel in Cisco Native Unix on Cisco Unified IP Phone 7900 series devices is susceptible to an input validation issue in system calls. This flaw can enable attackers to initiate arbitrary code execution or lead to a denial of service condition resulting from memory overwriting when a specially crafted binary is executed. This vulnerability highlights the need for rigorous security measures in telecommunications device software.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://events.ccc.de/congress/2012/Fahrplan/events/5400.e...
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.