CVE-2012-1328 - Vulnerability Details - OpenCVE

Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Unified Ip Phone Unified Ip Phone Firmware

Configuration 1 [-]

OR	cpe:2.3:h:cisco:unified_ip_phone:9900:::::::*
	cpe:2.3:h:cisco:unified_ip_phone_firmware:9.1:::::::*
	cpe:2.3:h:cisco:unified_ip_phone_firmware:9.2:::::::*

No data.

References

Link	Providers
http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/75412

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2012-05-03T23:00:00

Updated: 2024-08-06T18:53:37.126Z

Reserved: 2012-02-27T00:00:00

Link: CVE-2012-1328

Vulnrichment

No data.

NVD

Status : Modified

Published: 2012-05-03T23:55:01.403

Modified: 2024-11-21T01:36:49.533

Link: CVE-2012-1328

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-04-27T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-06T21:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html"}, {"name": "cisco-unified-rt-priv-esc(75412)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75412"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2012-1328", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html", "refsource": "CONFIRM", "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html"}, {"name": "cisco-unified-rt-priv-esc(75412)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75412"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:53:37.126Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html"}, {"name": "cisco-unified-rt-priv-esc(75412)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75412"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2012-1328", "datePublished": "2012-05-03T23:00:00", "dateReserved": "2012-02-27T00:00:00", "dateUpdated": "2024-08-06T18:53:37.126Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone:9900:*:*:*:*:*:*:*", "matchCriteriaId": "182C7DA5-C134-4BE2-AA4F-4629E2E2492B", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:unified_ip_phone_firmware:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "E2455942-EDB4-485F-A699-F9081B1BEF94", "vulnerable": true}, {"criteria": "cpe:2.3:h:cisco:unified_ip_phone_firmware:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "5733A1F7-893A-441B-AAFE-D1C36F2F1D9C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237."}, {"lang": "es", "value": "Dispositivos Cisco Unified IP Phones 9900 con firmware v9.1 y v9.2 no gestionan de forma adecuada las descargas de informaci\u00f3n de configuraci\u00f3n a un tel\u00e9fono RT, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de injecci\u00f3n de datos no especificados, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de injecci\u00f3n de datos no determinados, tambi\u00e9n conocido como Bug ID CSCts32237."}], "id": "CVE-2012-1328", "lastModified": "2024-11-21T01:36:49.533", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-05-03T23:55:01.403", "references": [{"source": "ykramarz@cisco.com", "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html"}, {"source": "ykramarz@cisco.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75412"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75412"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}