Описание
The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810.
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:-:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:cisco:unified_ip_phone_9951:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_9971:*:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00375
Низкий
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810.
EPSS
Процентиль: 59%
0.00375
Низкий
5 Medium
CVSS2
Дефекты
CWE-264