Vulnerability Description
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.
CVSS Score
6.6 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | SPA500 Series IP Phones Firmware | <= 7.5.7(5) |
| Cisco | SPA500DS | - |
| Cisco | SPA500S | - |
| Cisco | SPA501G | - |
| Cisco | SPA502G | - |
| Cisco | SPA504G | - |
| Cisco | SPA512G | - |
| Cisco | SPA514G | - |
| Cisco | SPA525G | - |
| Cisco | SPA525G2 | - |
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2 (Vendor Advisory)
FAQ
What is CVE-2019-15959?
CVE-2019-15959 is a vulnerability with a CVSS score of 6.6 (MEDIUM). A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of dev...
How severe is CVE-2019-15959?
CVE-2019-15959 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-15959?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco SPA500 Series IP Phones Firmware, Cisco SPA500DS, Cisco SPA500S, Cisco SPA501G, Cisco SPA502G.