Cisco Unified IP Phones 7900 Series Unsigned Code Installation (CVE-2011-1637)

low Tenable OT Security Plugin ID 502109

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://osvdb.org/72719

http://secunia.com/advisories/44814/

http://www.nessus.org/u?83d314f6

http://www.securityfocus.com/bid/48075

http://www.securitytracker.com/id?1025588

https://exchange.xforce.ibmcloud.com/vulnerabilities/67743

Plugin Details

Severity: Low

ID: 502109

Version: 1.1

Type: remote

Family: Tenable.ot

Published: 3/18/2024

Updated: 3/18/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 1.5

Temporal Score: 1.1

Vector: CVSS2#AV:L/AC:M/Au:S/C:P/I:N/A:N

CVSS Score Source: CVE-2011-1637

Vulnerability Information

CPE: cpe:/h:cisco:unified_ip_phone_7906, cpe:/h:cisco:unified_ip_phone_7911g, cpe:/h:cisco:unified_ip_phone_7931g, cpe:/h:cisco:unified_ip_phone_7941g, cpe:/h:cisco:unified_ip_phone_7941g-ge, cpe:/h:cisco:unified_ip_phone_7942g, cpe:/h:cisco:unified_ip_phone_7945g, cpe:/h:cisco:unified_ip_phone_7961g, cpe:/h:cisco:unified_ip_phone_7961g-ge, cpe:/h:cisco:unified_ip_phone_7962g, cpe:/h:cisco:unified_ip_phone_7965g, cpe:/h:cisco:unified_ip_phone_7970g, cpe:/h:cisco:unified_ip_phone_7971g-ge, cpe:/h:cisco:unified_ip_phone_7975g

Required KB Items: Tenable.ot/Cisco

Exploit Ease: No known exploits are available

Patch Publication Date: 6/2/2011

Vulnerability Publication Date: 6/2/2011

Reference Information

CVE: CVE-2011-1637

CWE: 264

SECUNIA: 44814

OSVDB: 72719