The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unified_ip_phone_7906 | Cisco | * | * |
| Unified_ip_phone_7911g | Cisco | * | * |
| Unified_ip_phone_7931g | Cisco | * | * |
| Unified_ip_phone_7941g | Cisco | * | * |
| Unified_ip_phone_7941g-ge | Cisco | * | * |
| Unified_ip_phone_7942g | Cisco | * | * |
| Unified_ip_phone_7945g | Cisco | * | * |
| Unified_ip_phone_7961g | Cisco | * | * |
| Unified_ip_phone_7961g-ge | Cisco | * | * |
| Unified_ip_phone_7962g | Cisco | * | * |
| Unified_ip_phone_7965g | Cisco | * | * |
| Unified_ip_phone_7970g | Cisco | * | * |
| Unified_ip_phone_7971g-ge | Cisco | * | * |
| Unified_ip_phone_7975g | Cisco | * | * |
References
- http://osvdb.org/72717
- http://secunia.com/advisories/44814/
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80111.shtml
- http://www.securityfocus.com/bid/48074
- http://www.securitytracker.com/id?1025588
- http://osvdb.org/72717
- http://secunia.com/advisories/44814/
- http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80111.shtml
- http://www.securityfocus.com/bid/48074
- http://www.securitytracker.com/id?1025588