CVE-2008-0529: Buffer Overflow
First published: Fri Feb 15 2008(Updated: )
Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified IP Phones | =7906g | |
| Cisco Unified IP Phones | =7911g | |
| Cisco Unified IP Phones | =7935 | |
| Cisco Unified IP Phones | =7936 | |
| Cisco Unified IP Phones | =7940 | |
| Cisco Unified IP Phones | =7940g | |
| Cisco Unified IP Phones | =7941g | |
| Cisco Unified IP Phones | =7960 | |
| Cisco Unified IP Phones | =7960g | |
| Cisco Unified IP Phones | =7961g | |
| Cisco Unified IP Phones | =7970g | |
| Cisco Unified IP Phones | =7971g | |
| Cisco Skinny Client Control Protocol (SCCP) Firmware | ||
| Cisco Session Initiation Protocol (sip) Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml
- http://www.securityfocus.com/bid/27774
- http://www.securitytracker.com/id?1019410
- http://secunia.com/advisories/28935
- http://www.vupen.com/english/advisories/2008/0543
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40493
Frequently Asked Questions
What is the severity of CVE-2008-0529?
CVE-2008-0529 is classified as a critical vulnerability due to the potential for remote code execution.
How do I fix CVE-2008-0529?
To fix CVE-2008-0529, update the Cisco Unified IP Phone firmware to a version that addresses this buffer overflow vulnerability.
Who is affected by CVE-2008-0529?
CVE-2008-0529 affects Cisco Unified IP Phones including models 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G with SCCP firmware.
Can CVE-2008-0529 be exploited remotely?
Yes, CVE-2008-0529 can be exploited remotely by authenticated users through crafted commands sent to the telnet server.
What are the potential consequences of CVE-2008-0529?
Exploitation of CVE-2008-0529 may allow an attacker to execute arbitrary code on the device, potentially leading to a full system compromise.
- collector/nvd-historical
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified ip phones
- version/cisco unified ip phones/7906g
- version/cisco unified ip phones/7911g
- version/cisco unified ip phones/7935
- version/cisco unified ip phones/7936
- version/cisco unified ip phones/7940
- version/cisco unified ip phones/7940g
- version/cisco unified ip phones/7941g
- version/cisco unified ip phones/7960
- version/cisco unified ip phones/7960g
- version/cisco unified ip phones/7961g
- version/cisco unified ip phones/7970g
- version/cisco unified ip phones/7971g
- canonical/cisco skinny client control protocol (sccp) firmware
- canonical/cisco session initiation protocol (sip) firmware