Arbitrary File Upload Vulnerability in Cisco Unified IP Phones
CVE-2015-0604

Currently unrated

Key Information:

Vendor

Cisco
Status
Unified Ip Phones 9971 Firmware
Vendor
CVE Published:
7 February 2015

What is CVE-2015-0604?

The web framework on Cisco Unified IP 9900 phones, specifically those running firmware versions 9.4(1) and earlier, is susceptible to a significant security flaw. Attackers can exploit this vulnerability to upload files to arbitrary locations within the phone's filesystem through specially crafted HTTP requests. This unauthorized file upload capability poses a serious risk as it may allow attackers to manipulate device behavior or deploy malicious files, affecting system integrity and user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/100620
vdb-entryx_refsource_XF
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://secunia.com/advisories/62761
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.