Firmware Upload Vulnerability in Cisco Small Business Phones
CVE-2015-6403

Currently unrated

Key Information:

Vendor: Cisco
CVE Published: 15 December 2015

Summary

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, and SPA51x phones running version 7.5.7 does not adequately validate the integrity of firmware-image files. A local user with shell access can use this to upload and execute unauthorized firmware, potentially leading to the execution of Trojan horse images. The issue is tracked as Bug ID CSCut67400. It poses a significant risk because it enables manipulation of the device's firmware, compromising the device's integrity and security.
