Vulnerability Details CVE-2002-0882
The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the PortInformation script.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.2%
CVSS Severity
CVSS v2 Score 6.4
References
- http://online.securityfocus.com/archive/1/273673
- http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml
- http://www.iss.net/security_center/static/9142.php
- http://www.iss.net/security_center/static/9143.php
- http://www.securityfocus.com/bid/4794
- http://www.securityfocus.com/bid/4798
- http://online.securityfocus.com/archive/1/273673
- http://www.cisco.com/warp/public/707/multiple-ip-phone-vulnerabilities-pub.shtml
- http://www.iss.net/security_center/static/9142.php
- http://www.iss.net/security_center/static/9143.php
- http://www.securityfocus.com/bid/4794
- http://www.securityfocus.com/bid/4798
Products affected by CVE-2002-0882
-
cpe:2.3:h:cisco:voip_phone_cp-7940:3.0
-
cpe:2.3:h:cisco:voip_phone_cp-7940:3.1
-
cpe:2.3:h:cisco:voip_phone_cp-7940:3.2
-
cpe:2.3:o:cisco:skinny_client_control_protocol_software:3.0
-
cpe:2.3:o:cisco:skinny_client_control_protocol_software:3.1
-
cpe:2.3:o:cisco:skinny_client_control_protocol_software:3.2