Vulnerability Details CVE-2015-0604
The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.6%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/62761
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0604
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37346
- http://www.securityfocus.com/bid/72485
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100620
- http://secunia.com/advisories/62761
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0604
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37346
- http://www.securityfocus.com/bid/72485
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100620
Products affected by CVE-2015-0604
-
cpe:2.3:h:cisco:unified_ip_phone_9951:-
-
cpe:2.3:h:cisco:unified_ip_phone_9971:-
-
cpe:2.3:o:cisco:unified_ip_phones_9951_firmware:9.4(.1)
-
cpe:2.3:o:cisco:unified_ip_phones_9971_firmware:9.4(.1)