Vulnerability Details : CVE-2015-0603
Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474.
Vulnerability category: Denial of service
Products affected by CVE-2015-0603
- cpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:*:*:*:*:*:*:*:*When used together with: Cisco » Unified Ip Phone 9951When used together with: Cisco » Unified Ip Phone 9971
Exploit prediction scoring system (EPSS) score for CVE-2015-0603
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0603
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6
|
MEDIUM | AV:L/AC:L/Au:S/C:N/I:N/A:C |
3.1
|
6.9
|
NIST |
CWE ids for CVE-2015-0603
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0603
-
http://www.securityfocus.com/bid/72484
Cisco Unified IP Phones 9900 Series CVE-2015-0603 Local Denial of Service Vulnerability
-
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0603
Cisco Unified IP Phone 9900 Series Insecure Device Permissions VulnerabilityVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/100619
Cisco Unified IP Phones 9900 Series denial of service CVE-2015-0603 Vulnerability Report
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=37345
Cisco Unified IP Phone 9900 Series Insecure Device Permissions VulnerabilityVendor Advisory
Jump to