CVE-2012-5445

Sažetak

The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.

Reference

http://events.ccc.de/congress/2012/Fahrplan/events/5400.en.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130109-uipphone

CVSS

Base:	6.8
Impact:	10.0
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:S/C:C/I:C/A:C

Zadnje važnije ažuriranje

04-03-2013 - 05:00

Objavljeno

28-12-2012 - 11:48