Cisco Unified IP Phones Multiple Vulnerabilities (cisco-sa-20110601-phone)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

The remote IP telephony device is missing a vendor-supplied patch.

Description :

According to its self-reported version, the version of the Cisco
Unified IP Phone software running on the remote device has the following
vulnerabilities :

- Cisco Unified IP Phones 7900 series are prone to
privilege escalation vulnerabilities. An authenticated
attacker could exploit this issue to perform
unauthorized phone configuration changes or to gain
access to sensitive information. (CVE-2011-1602,

- Cisco Unified IP Phones 7900 series are prone to a
security bypass vulnerability. An attacker can exploit
this issue to bypass the signature-verification
mechanism. Successful exploits could allow an
authenticated attacker to load a crafted software image
with no signature verification. (CVE-2011-1637)

See also :

Solution :

Apply the relevant update referenced in Cisco Security Advisory

Risk factor :

Medium / CVSS Base Score : 6.6
CVSS Temporal Score : 5.7
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 70095 ()

Bugtraq ID: 48074

CVE ID: CVE-2011-1602

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now