CVE-2015-6403
CVSS V2 High 7.2
CVSS V3 None
Description
The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.
Overview
- CVE ID: CVE-2015-6403
- Assigner: ykramarz@cisco.com
- Vulnerability Status: Modified
- Published Date: 2015-12-15T05:59:04
- Last Modified Date: 2016-12-07T18:20:00
Weakness Enumerations
CPE Configuration (Product)
CPE | Vulnerable | Operator | Version Start | Version End |
---|---|---|---|---|
AND | | | | |
cpe:2.3:o:cisco:spa500_firmware:7.5.7:*:*:*:*:*:*:* | 1 | OR | | |
cpe:2.3:h:cisco:spa_500ds:-:*:*:*:*:*:*:* | 0 | OR | | |
cpe:2.3:h:cisco:spa_500s:-:*:*:*:*:*:*:* | 0 | OR | | |
cpe:2.3:h:cisco:spa_501g:-:*:*:*:*:*:*:* | 0 | OR | | |
cpe:2.3:h:cisco:spa_502g:-:*:*:*:*:*:*:* | 0 | OR | | |
cpe:2.3:h:cisco:spa_504g:-:*:*:*:*:*:*:* | 0 | OR | | |
cpe:2.3:h:cisco:spa_508g:-:*:*:*:*:*:*:* | 0 | OR | | |
cpe:2.3:h:cisco:spa_509g:-:*:*:*:*:*:*:* | 0 | OR | | |
cpe:2.3:h:cisco:spa_512g:-:*:*:*:*:*:*:* | 0 | OR | | |
cpe:2.3:h:cisco:spa_514g:-:*:*:*:*:*:*:* | 0 | OR | | |
cpe:2.3:h:cisco:spa_525g2:-:*:*:*:*:*:*:* | 0 | OR | | |
AND | | | | |
cpe:2.3:o:cisco:spa300_firmware:7.5.7:*:*:*:*:*:*:* | 1 | OR | | |
cpe:2.3:h:cisco:spa_301:-:*:*:*:*:*:*:* | 0 | OR | | |
cpe:2.3:h:cisco:spa_303:-:*:*:*:*:*:*:* | 0 | OR | | |
CVSS Version 2
- Version: 2.0
- Vector String: AV:L/AC:L/Au:N/C:C/I:C/A:C
- Access Vector: LOCAL
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: COMPLETE
- Integrity Impact: COMPLETE
- Availability Impact: COMPLETE
- Base Score: 7.2
- Severity: HIGH
- Exploitability Score: 3.9
- Impact Score: 10
References
Reference URL | Reference Tags |
---|---|
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp | Vendor Advisory |
http://www.securityfocus.com/bid/78739 | |
http://www.securitytracker.com/id/1034376 | |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2015-6403 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6403 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2022-05-10 09:59:06 | Added to TrackCVE | |||
2022-12-02 07:34:40 | psirt@cisco.com | ykramarz@cisco.com | CVE Assigner | updated |
2022-12-02 07:34:40 | 2015-12-15T05:59Z | 2015-12-15T05:59:04 | CVE Published Date | updated |
2022-12-02 07:34:40 | 2016-12-07T18:20:00 | CVE Modified Date | updated | |
2022-12-02 07:34:40 | Modified | Vulnerability Status | updated |