← Back

CVE-2015-6403

nvd nist
Published: Dec 15, 2015Modified: May 6, 2026

JSON object

Loading...
7.2
Vector
AV:L/AC:L/Au:N/C:C/I:C/A:C
Exploitability: 3.9 / Impact: 10.0
Source: NVD

Description

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.

Affected (2)

Cisco
2 products
Spa500 Firmware
Spa300 Firmware
Configuration A
1 vulnerable · 10 platform
Vulnerable SoftwareAffected Versions
Spa500 Firmware
Version 7.5.7
Running on/withPlatform Versions
Cisco
Spa 500ds
All versions
Cisco
Spa 500s
All versions
Cisco
Spa 501g
All versions
Cisco
Spa 502g
All versions
Cisco
Spa 504g
All versions
Cisco
Spa 508g
All versions
Cisco
Spa 509g
All versions
Cisco
Spa 512g
All versions
Cisco
Spa 514g
All versions
Cisco
Spa 525g2
All versions
Configuration B
1 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Spa300 Firmware
Version 7.5.7
Running on/withPlatform Versions
Cisco
Spa 301
All versions
Cisco
Spa 303
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.