CVE-2015-6403 - OpenCVE

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Spa300 Firmware Spa500 Firmware Spa 301 Spa 303 Spa 500ds Spa 500s Spa 501g Spa 502g Spa 504g Spa 508g Spa 509g Spa 512g Spa 514g Spa 525g2

Configuration 1 [-]

AND

cpe:2.3:o:cisco:spa500_firmware:7.5.7:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:spa_500ds:-:::::::*
	cpe:2.3:h:cisco:spa_500s:-:::::::*
	cpe:2.3:h:cisco:spa_501g:-:::::::*
	cpe:2.3:h:cisco:spa_502g:-:::::::*
	cpe:2.3:h:cisco:spa_504g:-:::::::*
	cpe:2.3:h:cisco:spa_508g:-:::::::*
	cpe:2.3:h:cisco:spa_509g:-:::::::*
	cpe:2.3:h:cisco:spa_512g:-:::::::*
	cpe:2.3:h:cisco:spa_514g:-:::::::*
	cpe:2.3:h:cisco:spa_525g2:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:spa300_firmware:7.5.7:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:spa_301:-:::::::*
	cpe:2.3:h:cisco:spa_303:-:::::::*

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp
http://www.securityfocus.com/bid/78739
http://www.securitytracker.com/id/1034376

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2015-12-15T02:00:00

Updated: 2024-08-06T07:22:21.437Z

Reserved: 2015-08-17T00:00:00

Link: CVE-2015-6403

Vulnrichment

No data.

NVD

Status : Modified

Published: 2015-12-15T05:59:04.853

Modified: 2016-12-07T18:20:00.803

Link: CVE-2015-6403

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1034376", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034376"}, {"name": "78739", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/78739"}, {"name": "20151209 Multiple Cisco IP Phones Firmware Image Upload Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6403", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1034376", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034376"}, {"name": "78739", "refsource": "BID", "url": "http://www.securityfocus.com/bid/78739"}, {"name": "20151209 Multiple Cisco IP Phones Firmware Image Upload Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T07:22:21.437Z"}, "title": "CVE Program Container", "references": [{"name": "1034376", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1034376"}, {"name": "78739", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/78739"}, {"name": "20151209 Multiple Cisco IP Phones Firmware Image Upload Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6403", "datePublished": "2015-12-15T02:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2024-08-06T07:22:21.437Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa500_firmware:7.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "2173CEC8-8B88-404C-8526-98CB39F9A954", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_500ds:-:*:*:*:*:*:*:*", "matchCriteriaId": "37E3C90F-011D-454C-8E0C-92E72A6EFE1D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C72E35-F124-4D09-AA68-0678ACBA590D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_501g:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A258316-4DB6-47AC-90C0-CB9EF777E151", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_502g:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5DF893E-7E9E-419B-8E7C-E846333646BA", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_504g:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F78AAB2-8ECD-4FAA-8A2A-9035F5C59597", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_508g:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B26A21E-CD32-4DED-8A31-4CCA1C4DD642", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_509g:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A4373DD-753A-46A6-BB96-0488EA52157E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_512g:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CBA0C4D-4BB6-455D-8355-F4FACC5D721C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_514g:-:*:*:*:*:*:*:*", "matchCriteriaId": "97551DEA-85F9-4A38-A8AC-F477CB7ABC2C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_525g2:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BD59A7B-751C-487B-957A-90B5BAEAE3BF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa300_firmware:7.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "B7423475-9BDC-4425-9B88-77F2F539131A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_301:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CE3C04F-884C-4CD1-8503-DB60CCC1B1F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_303:-:*:*:*:*:*:*:*", "matchCriteriaId": "F04B0F29-5620-4714-A151-7CDA2B9D8F2F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400."}, {"lang": "es", "value": "La implementaci\u00f3n TFTP en tel\u00e9fonos Cisco Small Business SPA30x, SPA50x, SPA51x 7.5.7 no valida adecuadamente la integridad del archivo de imagen de firmware, lo que permite a usuarios locales cargar una imagen de un Troyano mediante el aprovechamiento de acceso shell, tambi\u00e9n conocido como Bug ID CSCut67400."}], "id": "CVE-2015-6403", "lastModified": "2016-12-07T18:20:00.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-12-15T05:59:04.853", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/78739"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034376"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}