CVE-2015-6403 — Vulnetix

CVE-2015-6403 PUBLISHED CVSS 7.199999809265137 HIGH

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.

EPSS 0.09% · 25.8th percentile

Risk Scores

CVSS 2.0

7.199999809265137

EPSS Score

0.09%

25.8th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
cisco	spa500_firmware	7.5.7
cisco	spa300_firmware	7.5.7

Exploit Intelligence

1034376 (circl)
78739 (circl)
20151209 Multiple Cisco IP Phones Firmware Image Upload Vulnerability (circl)

Timeline

Dec 9, 2015 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

1034376 vdb
78739 vdb
20151209 Multiple Cisco IP Phones Firmware Image Upload Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2015-6403 advisory

Open in Interactive Console →