CVE-2019-15959: Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability
First published: Wed Sep 23 2020(Updated: )
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Spa500 Series Ip Phones Firmware | <=7.5.7\(5\) | |
| Cisco Spa500ds | ||
| Cisco Spa500s | ||
| Cisco Spa501g | ||
| Cisco Spa502g | ||
| Cisco Spa504g | ||
| Cisco Spa512g | ||
| Cisco Spa514g | ||
| Cisco Spa525g | ||
| Cisco Spa525g2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco Small Business SPA500 Series IP Phones vulnerability?
The vulnerability ID for this Cisco Small Business SPA500 Series IP Phones vulnerability is CVE-2019-15959.
What is the severity level of CVE-2019-15959?
The severity level of CVE-2019-15959 is medium with a CVSS score of 6.6.
How can a physically proximate attacker exploit this vulnerability?
A physically proximate attacker can exploit this vulnerability by executing arbitrary commands on the device.
Which version of Cisco Small Business SPA500 Series IP Phones firmware is affected?
Cisco Small Business SPA500 Series IP Phones firmware versions up to and inclusive of 7.5.7(5) are affected.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-spa500-script
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/title
- agent/last-modified-date
- agent/author
- agent/references
- agent/first-publish-date
- agent/tags
- agent/event
- agent/description
- vendor/cisco
- canonical/cisco spa500 series ip phones firmware
- version/cisco spa500 series ip phones firmware/7.5.7\(5\)
- canonical/cisco spa500ds
- canonical/cisco spa500s
- canonical/cisco spa501g
- canonical/cisco spa502g
- canonical/cisco spa504g
- canonical/cisco spa512g
- canonical/cisco spa514g
- canonical/cisco spa525g
- canonical/cisco spa525g2