// For flags

CVE-2015-4226

 

Severity Score

7.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976.

La característica del almacenamiento de paquetes en los teléfonos Cisco 9900 con firmware 9.3(2) no soporta correctamente el protocolo RTP, lo que permite a atacantes remotos causar una denegación de servicio (cuelgue de dispositivo) mediante el envío de paquetes RTP malformados después de que se conteste una llamada, también conocida como Bug ID CSCur39976.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-06-04 CVE Reserved
  • 2015-06-30 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
 Unified Ip Phones 9900 Series Firmware
Search vendor "Cisco" for product "Unified Ip Phones 9900 Series Firmware"
 9.3\(2\)
Search vendor "Cisco" for product "Unified Ip Phones 9900 Series Firmware" and version "9.3\(2\)"
-
Affected