Command Injection Vulnerability in Cisco 9900 Unified IP Phones
CVE-2013-5533

Currently unrated

Key Information:

Vendor
Cisco
Status
Unified Ip Phones 9900 Series Firmware
Unified Ip Phone 9951
Unified Ip Phone 9971
Vendor
CVE Published:
11 October 2013

Summary

The image-upgrade functionality in Cisco 9900 Unified IP phones is susceptible to command injection, allowing local users to execute arbitrary shell commands by manipulating an unspecified parameter. This vulnerability could lead to unauthorized access and potentially compromise the device's integrity.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securityfocus.com/bid/62943
vdb-entryx_refsource_BID
http://osvdb.org/98337
vdb-entryx_refsource_OSVDB

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.