CVE-2011-1637

Current Description

Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962.

Basic Data

PublishedJune 02, 2011
Last ModifiedAugust 17, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-264
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:L/AC:M/Au:S/C:P/I:N/A:N
CVSS 2 - Access VectorLOCAL
CVSS 2 - Access ComplexityMEDIUM
CVSS 2 - AuthenticationSINGLE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score1.5
SeverityLOW
Exploitability Score2.7
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3HardwareCiscoUnified Ip Phone 7906********
      2.3HardwareCiscoUnified Ip Phone 7911g********
      2.3HardwareCiscoUnified Ip Phone 7931g********
      2.3HardwareCiscoUnified Ip Phone 7941g********
      2.3HardwareCiscoUnified Ip Phone 7941g-ge********
      2.3HardwareCiscoUnified Ip Phone 7942g********
      2.3HardwareCiscoUnified Ip Phone 7945g********
      2.3HardwareCiscoUnified Ip Phone 7961g********
      2.3HardwareCiscoUnified Ip Phone 7961g-ge********
      2.3HardwareCiscoUnified Ip Phone 7962g********
      2.3HardwareCiscoUnified Ip Phone 7965g********
      2.3HardwareCiscoUnified Ip Phone 7970g********
      2.3HardwareCiscoUnified Ip Phone 7971g-ge********
      2.3HardwareCiscoUnified Ip Phone 7975g********
    • OR Running on/with:
      Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
      2.3OSCiscoSkinny Client Control Protocol Software1.0(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software1.0(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software1.0(2)sr1******
      2.3OSCiscoSkinny Client Control Protocol Software1.0(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software1.0(4)*******
      2.3OSCiscoSkinny Client Control Protocol Software1.0(5)*******
      2.3OSCiscoSkinny Client Control Protocol Software1.0(9)*******
      2.3OSCiscoSkinny Client Control Protocol Software1.1(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software1.2(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software1.3(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software1.3(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software1.3(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software1.3(4)*******
      2.3OSCiscoSkinny Client Control Protocol Software1.3(4)sr1******
      2.3OSCiscoSkinny Client Control Protocol Software1.4(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software1.4(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software2.0(0)*******
      2.3OSCiscoSkinny Client Control Protocol Software2.0(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.0*******
      2.3OSCiscoSkinny Client Control Protocol Software3.0(0)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.0(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.0(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.1*******
      2.3OSCiscoSkinny Client Control Protocol Software3.1(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.1(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.1(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.1(4)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.1(6)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.1(10)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.1(11)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(4)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(5)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(6)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(6a)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(7)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(8)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(9)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(10)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(11)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(12)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(13)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(14)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.2(15)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(4)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(5)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(6)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(7)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(8)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(9)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(10)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(11)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(12)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(13)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(14)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(15)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(16)*******
      2.3OSCiscoSkinny Client Control Protocol Software3.3(20)*******
      2.3OSCiscoSkinny Client Control Protocol Software4.0(0)*******
      2.3OSCiscoSkinny Client Control Protocol Software4.1(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software4.1(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software4.1(4)*******
      2.3OSCiscoSkinny Client Control Protocol Software4.1(5)*******
      2.3OSCiscoSkinny Client Control Protocol Software4.1(6)*******
      2.3OSCiscoSkinny Client Control Protocol Software4.1(7)*******
      2.3OSCiscoSkinny Client Control Protocol Software5.0(0)*******
      2.3OSCiscoSkinny Client Control Protocol Software5.0(1a)*******
      2.3OSCiscoSkinny Client Control Protocol Software5.0(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software5.0(5)*******
      2.3OSCiscoSkinny Client Control Protocol Software5.0(6)*******
      2.3OSCiscoSkinny Client Control Protocol Software5.0(7)*******
      2.3OSCiscoSkinny Client Control Protocol Software6.0(0)*******
      2.3OSCiscoSkinny Client Control Protocol Software6.0(2)sr2******
      2.3OSCiscoSkinny Client Control Protocol Software6.0(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software6.0(3)sr1******
      2.3OSCiscoSkinny Client Control Protocol Software6.0(4)*******
      2.3OSCiscoSkinny Client Control Protocol Software6.0(5)*******
      2.3OSCiscoSkinny Client Control Protocol Software6.1(0)*******
      2.3OSCiscoSkinny Client Control Protocol Software6.1(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software7.0(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software7.0(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software7.0(2)sr1******
      2.3OSCiscoSkinny Client Control Protocol Software7.0(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software7.1(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software7.2(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software7.2(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software7.2(4)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.0(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.0(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.0(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.0(4)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.0(4)sr1******
      2.3OSCiscoSkinny Client Control Protocol Software8.0(4)sr3a******
      2.3OSCiscoSkinny Client Control Protocol Software8.0(5)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.0(6)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.0(7)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.0(8)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.0(9)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.0(10)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.1(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.1(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.2(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.2(2)sr1******
      2.3OSCiscoSkinny Client Control Protocol Software8.2(2)sr2******
      2.3OSCiscoSkinny Client Control Protocol Software8.2(2)sr3******
      2.3OSCiscoSkinny Client Control Protocol Software8.2(2)sr4******
      2.3OSCiscoSkinny Client Control Protocol Software8.3(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.3(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.3(2)sr1******
      2.3OSCiscoSkinny Client Control Protocol Software8.3(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.3(3)sr1******
      2.3OSCiscoSkinny Client Control Protocol Software8.3(3)sr2******
      2.3OSCiscoSkinny Client Control Protocol Software8.3(5)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.4(1)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.4(1)sr2******
      2.3OSCiscoSkinny Client Control Protocol Software8.4(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.4(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.4(4)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.5(2)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.5(2)sr1******
      2.3OSCiscoSkinny Client Control Protocol Software8.5(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.5(3)sr1******
      2.3OSCiscoSkinny Client Control Protocol Software8.5(4)*******
      2.3OSCiscoSkinny Client Control Protocol Software8.70*******
      2.3OSCiscoSkinny Client Control Protocol Software9.0(2)sr1******
      2.3OSCiscoSkinny Client Control Protocol Software9.0(2)sr2******
      2.3OSCiscoSkinny Client Control Protocol Software9.0(3)*******
      2.3OSCiscoSkinny Client Control Protocol Software*sr1******9.1(1)

Vulnerable Software List

VendorProductVersions
Cisco Unified Ip Phone 7906 *
Cisco Unified Ip Phone 7931g *
Cisco Unified Ip Phone 7941g-ge *
Cisco Unified Ip Phone 7942g *
Cisco Unified Ip Phone 7945g *
Cisco Unified Ip Phone 7961g-ge *
Cisco Unified Ip Phone 7962g *
Cisco Unified Ip Phone 7965g *
Cisco Unified Ip Phone 7971g-ge *
Cisco Unified Ip Phone 7975g *
Cisco Skinny Client Control Protocol Software *, 1.0(1), 1.0(2), 1.0(3), 1.0(4), 1.0(5), 1.0(9), 1.1(1), 1.2(1), 1.3(1), 1.3(2), 1.3(3), 1.3(4), 1.4(1), 1.4(2), 2.0(0), 2.0(1), 3.0, 3.0(0), 3.0(1), 3.0(2), 3.1, 3.1(1), 3.1(10), 3.1(11), 3.1(2), 3.1(3), 3.1(4), 3.1(6), 3.2, 3.2(1), 3.2(10), 3.2(11), 3.2(12), 3.2(13), 3.2(14), 3.2(15), 3.2(2), 3.2(3), 3.2(4), 3.2(5), 3.2(6), 3.2(6a), 3.2(7), 3.2(8), 3.2(9), 3.3(10), 3.3(11), 3.3(12), 3.3(13), 3.3(14), 3.3(15), 3.3(16), 3.3(2), 3.3(20), 3.3(3), 3.3(4), 3.3(5), 3.3(6), 3.3(7), 3.3(8), 3.3(9), 4.0(0), 4.1(2), 4.1(3), 4.1(4), 4.1(5), 4.1(6), 4.1(7), 5.0(0), 5.0(1a), 5.0(3), 5.0(5), 5.0(6), 5.0(7), 6.0(0), 6.0(2), 6.0(3), 6.0(4), 6.0(5), 6.1(0), 6.1(1), 7.0(1), 7.0(2), 7.0(3), 7.1(2), 7.2(2), 7.2(3), 7.2(4), 8.0(1), 8.0(10), 8.0(2), 8.0(3), 8.0(4), 8.0(5), 8.0(6), 8.0(7), 8.0(8), 8.0(9), 8.1(1), 8.1(2), 8.2(1), 8.2(2), 8.3(1), 8.3(2), 8.3(3), 8.3(5), 8.4(1), 8.4(2), 8.4(3), 8.4(4), 8.5(2), 8.5(3), 8.5(4), 8.70, 9.0(2), 9.0(3)
Cisco Unified Ip Phone 7911g *
Cisco Unified Ip Phone 7941g *
Cisco Unified Ip Phone 7961g *
Cisco Unified Ip Phone 7970g *

References

NameSourceURLTags
72719http://osvdb.org/72719OSVDB
44814http://secunia.com/advisories/44814/SECUNIA
20110601 Multiple Vulnerabilities in Cisco Unified IP Phones 7900 Serieshttp://www.cisco.com/en/US/products/products_security_advisory09186a0080b80111.shtmlCISCOVendor Advisory
48075http://www.securityfocus.com/bid/48075BID
1025588http://www.securitytracker.com/id?1025588SECTRACK
cisco-uipp-sign-security-bypass(67743)https://exchange.xforce.ibmcloud.com/vulnerabilities/67743XF