CVE-2019-15959 — Vulnetix

CVE-2019-15959 PUBLISHED CVSS 6.599999904632568 MEDIUM

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.

EPSS 0.18% · 39.3th percentile

Risk Scores

CVSS 3.0

6.599999904632568

CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.18%

39.3th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco SPA525G2 5-line IP Phone	n/a
cisco	spa500_series_ip_phones_firmware	0

Exploit Intelligence

20191106 Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability (circl)

Timeline

Nov 6, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 28, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Nov 6, 2022 EPSS Score

References

20191106 Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2019-15959 advisory

Open in Interactive Console →