CRITICAL · 9.8

CVE-2009-1048


Vulnerability Description

The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor    Product              Versions
Snom      Snom 300 Firmware    >= 6.5, < 6.5.20
Snom      Snom 300             -
Snom      Snom 320 Firmware    >= 6.5, < 6.5.20
Snom      Snom 320             -
Snom      Snom 360 Firmware    >= 6.5, < 6.5.20
Snom      Snom 360             -
Snom      Snom 370 Firmware    >= 6.5, < 6.5.20
Snom      Snom 370             -
Snom      Snom 820 Firmware    >= 6.5, < 6.5.20
Snom      Snom 820             -

Related Weaknesses (CWE)

References

FAQ

What is CVE-2009-1048?

CVE-2009-1048 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypa...

How severe is CVE-2009-1048?

CVE-2009-1048 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2009-1048?

Check the references section above for vendor advisories and patch information. Affected products include: Snom Snom 300 Firmware, Snom Snom 300, Snom Snom 320 Firmware, Snom Snom 320, Snom Snom 360 Firmware.