CVE-2019-15959: Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability
First published: Wed Sep 23 2020(Updated: )
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco SPA 500 Series IP Phone Firmware | <=7.5.7\(5\) | |
| Cisco SPA 500 DS | ||
| Cisco SPA 500 | ||
| Cisco SPA 501G Firmware | ||
| Cisco SPA 502G Firmware | ||
| Cisco SPA 500 Series | ||
| Cisco SPA 512G Firmware | ||
| Cisco SPA 514G Firmware | ||
| Cisco SPA 525G2 Firmware | ||
| Cisco SPA 525g2 5-line IP Phone |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco Small Business SPA500 Series IP Phones vulnerability?
The vulnerability ID for this Cisco Small Business SPA500 Series IP Phones vulnerability is CVE-2019-15959.
What is the severity level of CVE-2019-15959?
The severity level of CVE-2019-15959 is medium with a CVSS score of 6.6.
How can a physically proximate attacker exploit this vulnerability?
A physically proximate attacker can exploit this vulnerability by executing arbitrary commands on the device.
Which version of Cisco Small Business SPA500 Series IP Phones firmware is affected?
Cisco Small Business SPA500 Series IP Phones firmware versions up to and inclusive of 7.5.7(5) are affected.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-spa500-script
- agent/type
- agent/weakness
- agent/severity
- agent/title
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco spa 500 series ip phone firmware
- version/cisco spa 500 series ip phone firmware/7.5.7\(5\)
- canonical/cisco spa 500 ds
- canonical/cisco spa 500
- canonical/cisco spa 501g firmware
- canonical/cisco spa 502g firmware
- canonical/cisco spa 500 series
- canonical/cisco spa 512g firmware
- canonical/cisco spa 514g firmware
- canonical/cisco spa 525g2 firmware
- canonical/cisco spa 525g2 5-line ip phone