Vulnerability 10170 - CERT Civis.Net

Vulnerability Name:

CCN-10170

Published:

2002-09-19

Updated:

2002-09-19

Summary:

The Cisco SIP-based IP Phone model 7960 could allow a local attacker with physical access to the device to modify configuration settings. The Cisco IP Phone model 7960 uses a default key combination to access the device's "Network Settings" and "SIP Settings" configuration. An attacker with knowledge of this key combination could modify the device's configuration details, which could then be used to perform man-in-the-middle attacks, denial of service attacks, or other attacks against the IP Phone.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

Gain Access

References:

Source: CCN
Type: BugTraq Mailing List, Thu Sep 19 2002 - 06:22:32 CDT
The Trivial Cisco IP Phones Compromise

Source: CCN
Type: BugTraq Mailing List, Thu Sep 19 2002 - 15:32:43 CDT
Re: The Trivial Cisco IP Phones Compromise

Source: XF
Type: UNKNOWN
cisco-ipphone-config-access(10170)

Vulnerable Configuration:

Configuration CCN 1:

cpe:/h:cisco:ip_phone_7960:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK