CVE-2019-15959

CVE Database · CVE-2019-15959

CVE-2019-15959

· MEDIUMModified

CVSS v3.1

6.6

EPSS

0.36%

Published

Sep 22, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.

CVSS Vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-20CWE-20

Affected Products (10)

cisco · spa500_series_ip_phones_firmwarevulnerable

cisco · spa500ds

cisco · spa500s

cisco · spa501g

cisco · spa502g

cisco · spa504g

cisco · spa512g

cisco · spa514g

cisco · spa525g

cisco · spa525g2

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-spa500-script

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-spa500-script

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs