CVE-2015-0604
Cisco Unified IP 9900 Phones Firmware 9.4(.1) - Arbitrary File Write via HTTP Request
Title source: llmDescription
The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/100620
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0604
Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/viewAlert.x?alertId=37346
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/72485
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62761
Scores
EPSS
0.0136
EPSS Percentile
68.5%
Details
CWE
CWE-20
Status
published
Products (2)
cisco/unified_ip_phones_9951_firmware
9.4\(.1\)
cisco/unified_ip_phones_9971_firmware
9.4\(.1\)
Published
Feb 07, 2015
Tracked Since
Feb 18, 2026