Vulnerability Details CVE-2015-6403
The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.8%
CVSS Severity
CVSS v2 Score 7.2
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp
- http://www.securityfocus.com/bid/78739
- http://www.securitytracker.com/id/1034376
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp
- http://www.securityfocus.com/bid/78739
- http://www.securitytracker.com/id/1034376
Products affected by CVE-2015-6403
-
cpe:2.3:h:cisco:spa_301:-
-
cpe:2.3:h:cisco:spa_303:-
-
cpe:2.3:h:cisco:spa_500ds:-
-
cpe:2.3:h:cisco:spa_500s:-
-
cpe:2.3:h:cisco:spa_501g:-
-
cpe:2.3:h:cisco:spa_502g:-
-
cpe:2.3:h:cisco:spa_504g:-
-
cpe:2.3:h:cisco:spa_508g:-
-
cpe:2.3:h:cisco:spa_509g:-
-
cpe:2.3:h:cisco:spa_512g:-
-
cpe:2.3:h:cisco:spa_514g:-
-
cpe:2.3:h:cisco:spa_525g2:-
-
cpe:2.3:o:cisco:spa300_firmware:7.5.7
-
cpe:2.3:o:cisco:spa500_firmware:7.5.7