CERTA-2011-AVI-328
Vulnerability from certfr_avis

Several vulnerabilities allowing privilege escalation as well as a bypass of the security policy have been discovered in various products of the Cisco Unified IP Phones 7900 Series range.

Description

Three flaws have been discovered in several products of the Cisco Unified IP Phones 7900 Series range.

Two of these flaws (CVE-2011-1602 and CVE-2011-1603) allow a malicious person to elevate their privileges and thereby modify the phone's configuration, or even obtain sensitive information.

The third flaw (CVE-2011-1637) allows a malicious user to bypass the signature verification of the software image loaded onto the phone.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
Cisco IP Phone Cisco Unified IP Phone 7961G-GE ;
Cisco IP Phone Cisco Unified IP Phone 7942G ;
Cisco IP Phone Cisco Unified IP Phone 7961G ;
Cisco IP Phone Cisco Unified IP Phone 7941G ;
Cisco IP Phone Cisco Unified IP Phone 7971G-GE ;
Cisco IP Phone Cisco Unified IP Phone 7941G-GE ;
Cisco IP Phone Cisco Unified IP Phone 7965G ;
Cisco IP Phone Cisco Unified IP Phone 7911G ;
Cisco IP Phone Cisco Unified IP Phone 7945G ;
Cisco IP Phone Cisco Unified IP Phone 7906G ;
Cisco IP Phone Cisco Unified IP Phone 7975G ;
Cisco IP Phone Cisco Unified IP Phone 7931G ;
Cisco IP Phone Cisco Unified IP Phone 7970G ;
Cisco IP Phone Cisco Unified IP Phone 7962G ;

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco Unified IP Phone 7961G-GE ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified IP Phone 7942G ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified IP Phone 7961G ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified IP Phone 7941G ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified IP Phone 7971G-GE ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified IP Phone 7941G-GE ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified IP Phone 7965G ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified IP Phone 7911G ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified IP Phone 7945G ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified IP Phone 7906G ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified IP Phone 7975G ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified IP Phone 7931G ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified IP Phone 7970G ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified IP Phone 7962G ;",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nTrois failles ont \u00e9t\u00e9 d\u00e9couvertes dans plusieurs produits de la gamme\nCisco Unified IP Phones 7900 Series.\n\nDeux de ces failles (CVE-2011-1602 et CVE-2011-1603) permettent \u00e0 une\npersonne malintentionn\u00e9e d\u0027\u00e9lever ses privil\u00e8ges et, ainsi, de modifier\nla configuration du poste, voir d\u0027obtenir des informations sensibles.\n\nLa troisi\u00e8me faille (CVE-2011-1637) permet \u00e0 un utilisateur\nmalintentionn\u00e9 de contourner la v\u00e9rification des signatures de l\u0027image\nlogicielle charg\u00e9e sur le t\u00e9l\u00e9phone.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1603",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1603"
    },
    {
      "name": "CVE-2011-1602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1602"
    },
    {
      "name": "CVE-2011-1637",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1637"
    }
  ],
  "initial_release_date": "2011-06-03T00:00:00",
  "last_revision_date": "2011-06-03T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-328",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-06-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant une \u00e9l\u00e9vation de privil\u00e8ge ainsi\nqu\u0027un contournement de la politique de s\u00e9curit\u00e9 ont \u00e9t\u00e9 d\u00e9couvertes dans\ndiff\u00e9rents produits de la gamme \u003cspan class=\"textit\"\u003eCisco Unified IP\nPhones 7900 Series\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans les postes t\u00e9l\u00e9phoniques Cisco Unified Phones 7900 Series",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20110601-phone du 01 juin 2011",
      "url": "http://www.cisco.com/warp/public/707/cisco-sa-20110601-phone.shtml"
    }
  ]
}

