Arbitrary File Upload Vulnerability in Cisco Unified IP Phones
CVE-2015-0604

Currently unrated

Key Information:

Vendor: Cisco
Status: Unified Ip Phones 9971 Firmware
Vendor: CVE Published:; 7 February 2015

Summary

The web framework on Cisco Unified IP 9900 phones, specifically those running firmware versions 9.4(1) and earlier, is susceptible to a significant security flaw. Attackers can exploit this vulnerability to upload files to arbitrary locations within the phone's filesystem through specially crafted HTTP requests. This unauthorized file upload capability poses a serious risk as it may allow attackers to manipulate device behavior or deploy malicious files, affecting system integrity and user data.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/100620

vdb-entryx_refsource_XF

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://secunia.com/advisories/62761

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 7, 2015
Vulnerability Reserved
Jan 7, 2015