CVE-2015-0604

Published: Feb 7, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424.

Affected (2)

Products: Cisco: Unified Ip Phones 9971 Firmware, Unified Ip Phones 9951 Firmware

Cisco

2 products

Unified Ip Phones 9971 Firmware

Unified Ip Phones 9951 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Unified Ip Phones 9971 Firmware	Version 9.4(.1)

Running on/with	Platform Versions
Cisco Unified Ip Phone 9971	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Unified Ip Phones 9951 Firmware	Version 9.4(.1)

Running on/with	Platform Versions
Cisco Unified Ip Phone 9951	All versions

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://secunia.com/advisories/62761

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0604

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=37346

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/72485

Source: psirt@cisco.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/100620

Source: psirt@cisco.com

http://secunia.com/advisories/62761