CVE-2015-6403 - OpenCVE

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Spa 301 Spa 525g2 Spa 500s Spa 509g Spa500 Firmware Spa 512g Spa 303 Spa 508g Spa 501g Spa300 Firmware Spa 502g Spa 514g Spa 504g Spa 500ds

Configuration 1 [-]

AND

cpe:2.3:o:cisco:spa500_firmware:7.5.7:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:spa_500ds:-:::::::*
	cpe:2.3:h:cisco:spa_500s:-:::::::*
	cpe:2.3:h:cisco:spa_501g:-:::::::*
	cpe:2.3:h:cisco:spa_502g:-:::::::*
	cpe:2.3:h:cisco:spa_504g:-:::::::*
	cpe:2.3:h:cisco:spa_508g:-:::::::*
	cpe:2.3:h:cisco:spa_509g:-:::::::*
	cpe:2.3:h:cisco:spa_512g:-:::::::*
	cpe:2.3:h:cisco:spa_514g:-:::::::*
	cpe:2.3:h:cisco:spa_525g2:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:spa300_firmware:7.5.7:*:*:*:*:*:*:*

OR	cpe:2.3:h:cisco:spa_301:-:::::::*
	cpe:2.3:h:cisco:spa_303:-:::::::*

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp	Vendor Advisory
http://www.securityfocus.com/bid/78739
http://www.securitytracker.com/id/1034376

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2015-12-15T02:00:00

Updated: 2016-12-05T14:57:01

Reserved: 2015-08-17T00:00:00

Link: CVE-2015-6403

JSON object: View

NVD Information

Status : Modified

Published: 2015-12-15T05:59:04.853

Modified: 2016-12-07T18:20:00.803

Link: CVE-2015-6403

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-12-09T00:00:00", "descriptions": [{"lang": "en", "value": "The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-05T14:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "1034376", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1034376"}, {"name": "78739", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/78739"}, {"name": "20151209 Multiple Cisco IP Phones Firmware Image Upload Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2015-6403", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1034376", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1034376"}, {"name": "78739", "refsource": "BID", "url": "http://www.securityfocus.com/bid/78739"}, {"name": "20151209 Multiple Cisco IP Phones Firmware Image Upload Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2015-6403", "datePublished": "2015-12-15T02:00:00", "dateReserved": "2015-08-17T00:00:00", "dateUpdated": "2016-12-05T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa500_firmware:7.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "2173CEC8-8B88-404C-8526-98CB39F9A954", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_500ds:-:*:*:*:*:*:*:*", "matchCriteriaId": "37E3C90F-011D-454C-8E0C-92E72A6EFE1D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_500s:-:*:*:*:*:*:*:*", "matchCriteriaId": "90C72E35-F124-4D09-AA68-0678ACBA590D", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_501g:-:*:*:*:*:*:*:*", "matchCriteriaId": "9A258316-4DB6-47AC-90C0-CB9EF777E151", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_502g:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5DF893E-7E9E-419B-8E7C-E846333646BA", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_504g:-:*:*:*:*:*:*:*", "matchCriteriaId": "4F78AAB2-8ECD-4FAA-8A2A-9035F5C59597", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_508g:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B26A21E-CD32-4DED-8A31-4CCA1C4DD642", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_509g:-:*:*:*:*:*:*:*", "matchCriteriaId": "2A4373DD-753A-46A6-BB96-0488EA52157E", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_512g:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CBA0C4D-4BB6-455D-8355-F4FACC5D721C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_514g:-:*:*:*:*:*:*:*", "matchCriteriaId": "97551DEA-85F9-4A38-A8AC-F477CB7ABC2C", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_525g2:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BD59A7B-751C-487B-957A-90B5BAEAE3BF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa300_firmware:7.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "B7423475-9BDC-4425-9B88-77F2F539131A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_301:-:*:*:*:*:*:*:*", "matchCriteriaId": "8CE3C04F-884C-4CD1-8503-DB60CCC1B1F3", "vulnerable": false}, {"criteria": "cpe:2.3:h:cisco:spa_303:-:*:*:*:*:*:*:*", "matchCriteriaId": "F04B0F29-5620-4714-A151-7CDA2B9D8F2F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400."}, {"lang": "es", "value": "La implementaci\u00f3n TFTP en tel\u00e9fonos Cisco Small Business SPA30x, SPA50x, SPA51x 7.5.7 no valida adecuadamente la integridad del archivo de imagen de firmware, lo que permite a usuarios locales cargar una imagen de un Troyano mediante el aprovechamiento de acceso shell, tambi\u00e9n conocido como Bug ID CSCut67400."}], "id": "CVE-2015-6403", "lastModified": "2016-12-07T18:20:00.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-12-15T05:59:04.853", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp"}, {"source": "ykramarz@cisco.com", "url": "http://www.securityfocus.com/bid/78739"}, {"source": "ykramarz@cisco.com", "url": "http://www.securitytracker.com/id/1034376"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}