Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability
CVE-2019-15959

6.6MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Spa525g2 5-line Ip Phone
Vendor: CVE Published:; 23 September 2020

Badges

👾 Exploit Exists

Summary

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.

Affected Version(s)

Cisco SPA525G2 5-line IP Phone

References

https://tools.cisco.com/security/center/content/CiscoSecu...

vendor-advisoryx_refsource_CISCO

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Sep 23, 2020
Vulnerability Reserved
Sep 6, 2019