Arbitrary File Download Vulnerability in Cisco 9900 IP Phones
CVE-2013-3426

Currently unrated

Key Information:

Vendor
Cisco
Status
Unified Ip Phones 9900 Series Firmware
Unified Ip Phone 9951
Unified Ip Phone 9971
Vendor
CVE Published:
18 July 2013

Summary

The Serviceability servlet on Cisco 9900 IP phones contains a vulnerability that permits remote attackers to access arbitrary files by manipulating file request paths. This flaw can lead to unauthorized disclosure of sensitive information, as the servlet fails to properly validate user inputs, enabling unauthorized access to files on the device.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.