Unified Ip Phone Firmware
CVE-2013-6685
MEDIUM
Severity by source
AV:L/AC:M/Au:S/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:M/Au:S/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382.
AnalysisAI
The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its. Rated medium severity (CVSS 6.6). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-264. The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382. Affected products include: Cisco Unified Ip Phone Firmware, Cisco Unified Ip Phone 8961, Cisco Unified Ip Phone 9951, Cisco Unified Ip Phone 9971.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Unified Ip Phone Firmware
View allThe Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang)
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software co
Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today