Vulnerability Name: | CCN-10170 | ||||||
Published: | 2002-09-19 | ||||||
Updated: | 2002-09-19 | ||||||
Summary: | The Cisco SIP-based IP Phone model 7960 could allow a local attacker with physical access to the device to modify configuration settings. The Cisco IP Phone model 7960 uses a default key combination to access the device's "Network Settings" and "SIP Settings" configuration. An attacker with knowledge of this key combination could modify the device's configuration details, which could then be used to perform man-in-the-middle attacks, denial of service attacks, or other attacks against the IP Phone. | ||||||
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||
CVSS v2 Severity: | 4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
| ||||||
Vulnerability Consequences: | Gain Access | ||||||
References: | Source: CCN Type: BugTraq Mailing List, Thu Sep 19 2002 - 06:22:32 CDT The Trivial Cisco IP Phones Compromise Source: CCN Type: BugTraq Mailing List, Thu Sep 19 2002 - 15:32:43 CDT Re: The Trivial Cisco IP Phones Compromise Source: XF Type: UNKNOWN cisco-ipphone-config-access(10170) | ||||||
Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
BACK |