Insecure File Permissions on Cisco Unified IP Phones by Cisco
CVE-2013-6685

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Ip Phone Firmware; Unified Ip Phone 8961; Unified Ip Phone 9951; Unified Ip Phone 9971
Vendor: CVE Published:; 13 November 2013

Summary

The firmware of Cisco Unified IP phones 8961, 9951, and 9971 is susceptible to a vulnerability arising from weak permissions assigned to memory block devices. This weakness enables local users to escalate their privileges by mounting a device that contains a setuid file within its filesystem. This can lead to unauthorized access and control over the device, posing a significant security threat.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Nov 13, 2013