CVE-2012-1328
Cisco Unified IP Phone 9900 Series - Privilege Escalation via Configuration Download
Title source: llmDescription
Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75412
Scores
EPSS
0.0041
EPSS Percentile
33.3%
Details
CWE
CWE-94
Status
published
Products (3)
cisco/unified_ip_phone
9900
cisco/unified_ip_phone_firmware
9.1
cisco/unified_ip_phone_firmware
9.2
Published
May 03, 2012
Tracked Since
Feb 18, 2026