CVE-2015-6403
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.
La implementación TFTP en teléfonos Cisco Small Business SPA30x, SPA50x, SPA51x 7.5.7 no valida adecuadamente la integridad del archivo de imagen de firmware, lo que permite a usuarios locales cargar una imagen de un Troyano mediante el aprovechamiento de acceso shell, también conocido como Bug ID CSCut67400.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-08-17 CVE Reserved
- 2015-12-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/78739 | Vdb Entry | |
| http://www.securitytracker.com/id/1034376 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp | 2016-12-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Spa500 Firmware Search vendor "Cisco" for product "Spa500 Firmware" | 7.5.7 Search vendor "Cisco" for product "Spa500 Firmware" and version "7.5.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 500ds Search vendor "Cisco" for product "Spa 500ds" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa500 Firmware Search vendor "Cisco" for product "Spa500 Firmware" | 7.5.7 Search vendor "Cisco" for product "Spa500 Firmware" and version "7.5.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 500s Search vendor "Cisco" for product "Spa 500s" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa500 Firmware Search vendor "Cisco" for product "Spa500 Firmware" | 7.5.7 Search vendor "Cisco" for product "Spa500 Firmware" and version "7.5.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 501g Search vendor "Cisco" for product "Spa 501g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa500 Firmware Search vendor "Cisco" for product "Spa500 Firmware" | 7.5.7 Search vendor "Cisco" for product "Spa500 Firmware" and version "7.5.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 502g Search vendor "Cisco" for product "Spa 502g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa500 Firmware Search vendor "Cisco" for product "Spa500 Firmware" | 7.5.7 Search vendor "Cisco" for product "Spa500 Firmware" and version "7.5.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 504g Search vendor "Cisco" for product "Spa 504g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa500 Firmware Search vendor "Cisco" for product "Spa500 Firmware" | 7.5.7 Search vendor "Cisco" for product "Spa500 Firmware" and version "7.5.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 508g Search vendor "Cisco" for product "Spa 508g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa500 Firmware Search vendor "Cisco" for product "Spa500 Firmware" | 7.5.7 Search vendor "Cisco" for product "Spa500 Firmware" and version "7.5.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 509g Search vendor "Cisco" for product "Spa 509g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa500 Firmware Search vendor "Cisco" for product "Spa500 Firmware" | 7.5.7 Search vendor "Cisco" for product "Spa500 Firmware" and version "7.5.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 512g Search vendor "Cisco" for product "Spa 512g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa500 Firmware Search vendor "Cisco" for product "Spa500 Firmware" | 7.5.7 Search vendor "Cisco" for product "Spa500 Firmware" and version "7.5.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 514g Search vendor "Cisco" for product "Spa 514g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa500 Firmware Search vendor "Cisco" for product "Spa500 Firmware" | 7.5.7 Search vendor "Cisco" for product "Spa500 Firmware" and version "7.5.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 525g2 Search vendor "Cisco" for product "Spa 525g2" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa300 Firmware Search vendor "Cisco" for product "Spa300 Firmware" | 7.5.7 Search vendor "Cisco" for product "Spa300 Firmware" and version "7.5.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 301 Search vendor "Cisco" for product "Spa 301" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Spa300 Firmware Search vendor "Cisco" for product "Spa300 Firmware" | 7.5.7 Search vendor "Cisco" for product "Spa300 Firmware" and version "7.5.7" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa 303 Search vendor "Cisco" for product "Spa 303" | - | - |
Safe
|