CVE Vulnerability

CVE-2019-15959

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.

4.6 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

6.6 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-spa500-script Vendor Advisory
Configurations

Configuration 1
Information

Published : 2020-09-23 01:15

Updated : 2020-10-08 02:38

NVD link : CVE-2019-15959

Mitre link : CVE-2019-15959

Products Affected

Cisco

Spa500 Series Ip Phones Firmware

Spa500ds

Spa500s

Spa501g

Spa502g

Spa504g

Spa512g

Spa514g

Spa525g

Spa525g2

CWE
CWE-20