CVE-2014-0721 : The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session

The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows remote attackers to obtain root access via a session on the test interface on TCP port 7870, aka Bug ID CSCuh75574.

Published 2014-02-22 21:55:10

Updated 2014-03-06 04:50:35

Source Cisco Systems, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-0721

Probability of exploitation activity in the next 30 days: 0.40%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-0721

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2014-0721

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-0721

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140219-phone

Unauthorized Access Vulnerability in Cisco Unified SIP Phone 3905
Vendor Advisory

Products affected by CVE-2014-0721

Cisco » Unified Sip Phone 3905 » Version: N/A
cpe:2.3:h:cisco:unified_sip_phone_3905:-:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-0721

Exploit prediction scoring system (EPSS) score for CVE-2014-0721

CVSS scores for CVE-2014-0721

CWE ids for CVE-2014-0721

References for CVE-2014-0721

Products affected by CVE-2014-0721