CVE-2019-15959
Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.
Una vulnerabilidad en Cisco Small Business SPA500 Series IP Phones, podría permitir a un atacante cercano físicamente ejecutar comandos arbitrarios en el dispositivo. La vulnerabilidad es debido a la presencia de una prueba de desarrollo y una verificación de scripts que permanecieron en el dispositivo. Un atacante podría explotar esta vulnerabilidad mediante el acceso a la interfaz física de un dispositivo e insertando un dispositivo de almacenamiento USB. Una explotación con éxito podría permitir al atacante ejecutar scripts en el dispositivo en un contexto de seguridad elevado
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2019-09-06 CVE Reserved
- 2020-09-23 CVE Published
- 2023-03-08 EPSS Updated
- 2024-11-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Spa500 Series Ip Phones Firmware Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" | <= 7.5.7\(5\) Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" and version " <= 7.5.7\(5\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa500ds Search vendor "Cisco" for product "Spa500ds" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa500 Series Ip Phones Firmware Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" | <= 7.5.7\(5\) Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" and version " <= 7.5.7\(5\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa500s Search vendor "Cisco" for product "Spa500s" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa500 Series Ip Phones Firmware Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" | <= 7.5.7\(5\) Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" and version " <= 7.5.7\(5\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa501g Search vendor "Cisco" for product "Spa501g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa500 Series Ip Phones Firmware Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" | <= 7.5.7\(5\) Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" and version " <= 7.5.7\(5\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa502g Search vendor "Cisco" for product "Spa502g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa500 Series Ip Phones Firmware Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" | <= 7.5.7\(5\) Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" and version " <= 7.5.7\(5\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa504g Search vendor "Cisco" for product "Spa504g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa500 Series Ip Phones Firmware Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" | <= 7.5.7\(5\) Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" and version " <= 7.5.7\(5\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa512g Search vendor "Cisco" for product "Spa512g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa500 Series Ip Phones Firmware Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" | <= 7.5.7\(5\) Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" and version " <= 7.5.7\(5\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa514g Search vendor "Cisco" for product "Spa514g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa500 Series Ip Phones Firmware Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" | <= 7.5.7\(5\) Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" and version " <= 7.5.7\(5\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa525g Search vendor "Cisco" for product "Spa525g" | - | - |
Safe
|
Cisco Search vendor "Cisco" | Spa500 Series Ip Phones Firmware Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" | <= 7.5.7\(5\) Search vendor "Cisco" for product "Spa500 Series Ip Phones Firmware" and version " <= 7.5.7\(5\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Spa525g2 Search vendor "Cisco" for product "Spa525g2" | - | - |
Safe
|