Vulnerability Details : CVE-2012-1328
Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.
Exploit prediction scoring system (EPSS) score for CVE-2012-1328
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-1328
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
3.9
|
6.4
|
NIST |
CWE ids for CVE-2012-1328
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-1328
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/75412
Cisco Unified IP Phones 9900 series RT privilege escalation CVE-2012-1328 Vulnerability Report
-
http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html
Cisco Unified IP Phones 8961, 9951, and 9971(SIP) Release Notes for Firmware Release 9.2(3) - Cisco
Products affected by CVE-2012-1328
- cpe:2.3:h:cisco:unified_ip_phone:9900:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_ip_phone_firmware:9.1:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:unified_ip_phone_firmware:9.2:*:*:*:*:*:*:*