VDB
CVE-2019-1923
CVE-2019-1923
PUBLISHED
CVSS 6.599999904632568 MEDIUM
A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device's physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior.
EPSS 0.21% · 42.9th percentile
Risk Scores
CVSS 3.0
6.599999904632568
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.21%
42.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | spa500ds_firmware | 0 |
| cisco | spa501g_firmware | 0 |
| cisco | spa525g2_firmware | 0 |
| cisco | spa500s_firmware | 0 |
| cisco | spa502g_firmware | 0 |
| cisco | spa509g_firmware | 0 |
| Cisco | Cisco SPA525G2 5-line IP Phone | unspecified |
| cisco | spa512g_firmware | 0 |
| cisco | spa504g_firmware | 0 |
| cisco | spa508g_firmware | 0 |
| cisco | spa514g_firmware | 0 |
Exploit Intelligence
Timeline
- Jul 17, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score