CVE-2012-1328: Code Injection
First published: Thu May 03 2012(Updated: )
Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified IP Phones | =9900 | |
| Cisco Unified IP Phone Firmware | =9.1 | |
| Cisco Unified IP Phone Firmware | =9.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-1328?
CVE-2012-1328 has a medium severity rating due to its potential to allow privilege escalation on affected devices.
How do I fix CVE-2012-1328?
To fix CVE-2012-1328, upgrade the firmware of Cisco Unified IP Phones 9900 series to a version later than 9.2.
What devices are affected by CVE-2012-1328?
CVE-2012-1328 affects Cisco Unified IP Phones 9900 series devices running firmware versions 9.1 and 9.2.
Can local users exploit CVE-2012-1328?
Yes, local users can exploit CVE-2012-1328 to gain elevated privileges on affected Cisco IP phones.
Is CVE-2012-1328 related to configuration information?
Yes, CVE-2012-1328 involves improper handling of configuration information downloads to the RT phone.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco unified ip phones
- version/cisco unified ip phones/9900
- canonical/cisco unified ip phone firmware
- version/cisco unified ip phone firmware/9.1
- version/cisco unified ip phone firmware/9.2