Insecure Permissions in Cisco Unified IP 9900 Phones
CVE-2015-0603

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Ip Phones 9900 Series Firmware
Vendor: CVE Published:; 7 February 2015

Summary

The Cisco Unified IP 9900 series phones exhibit a vulnerability due to the use of weak permissions for unspecified files in their firmware versions prior to 9.4(.1). This flaw allows local users with access to the device's filesystem to manipulate files, potentially leading to a denial of service by causing the phone to hang or reboot persistently. Users should ensure they are running the latest firmware to mitigate this risk.

References

http://www.securityfocus.com/bid/72484

vdb-entryx_refsource_BID

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 7, 2015
Vulnerability Reserved
Jan 7, 2015