Описание
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.
Уязвимые конфигурации
Одновременно
Одно из
EPSS
6.6 Medium
CVSS3
6.6 Medium
CVSS3
4.6 Medium
CVSS2
Дефекты
Связанные уязвимости
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.
Уязвимость микропрограммного обеспечения IP-телефонов Cisco Small Business SPA500 Series, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю выполнить произвольный код
EPSS
6.6 Medium
CVSS3
6.6 Medium
CVSS3
4.6 Medium
CVSS2