CVE-2011-1637
UnknownEPSS 0.27%
Last modified
CVE-2011-1637 is a vulnerability of currently unknown severity. Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962.. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Cisco | Unified Ip Phone 7906 | All versions | — |
| Cisco | Unified Ip Phone 7911g | All versions | — |
| Cisco | Unified Ip Phone 7931g | All versions | — |
| Cisco | Unified Ip Phone 7941g | All versions | — |
| Cisco | Unified Ip Phone 7941g-Ge | All versions | — |
| Cisco | Unified Ip Phone 7942g | All versions | — |
| Cisco | Unified Ip Phone 7945g | All versions | — |
| Cisco | Unified Ip Phone 7961g | All versions | — |
| Cisco | Unified Ip Phone 7961g-Ge | All versions | — |
| Cisco | Unified Ip Phone 7962g | All versions | — |
| Cisco | Unified Ip Phone 7965g | All versions | — |
| Cisco | Unified Ip Phone 7970g | All versions | — |
| Cisco | Unified Ip Phone 7971g-Ge | All versions | — |
| Cisco | Unified Ip Phone 7975g | All versions | — |
| Cisco | Skinny Client Control Protocol Software | <= 9.1\(1\) | Sr1 |
| Cisco | Skinny Client Control Protocol Software | 1.0\(1\) | — |
| Cisco | Skinny Client Control Protocol Software | 1.0\(2\) | — |
| Cisco | Skinny Client Control Protocol Software | 1.0\(3\) | — |
| Cisco | Skinny Client Control Protocol Software | 1.0\(4\) | — |
| Cisco | Skinny Client Control Protocol Software | 1.0\(5\) | — |
| Cisco | Skinny Client Control Protocol Software | 1.0\(9\) | — |
| Cisco | Skinny Client Control Protocol Software | 1.1\(1\) | — |
| Cisco | Skinny Client Control Protocol Software | 1.2\(1\) | — |
| Cisco | Skinny Client Control Protocol Software | 1.3\(1\) | — |
| Cisco | Skinny Client Control Protocol Software | 1.3\(2\) | — |
| Cisco | Skinny Client Control Protocol Software | 1.3\(3\) | — |
| Cisco | Skinny Client Control Protocol Software | 1.3\(4\) | — |
| Cisco | Skinny Client Control Protocol Software | 1.4\(1\) | — |
| Cisco | Skinny Client Control Protocol Software | 1.4\(2\) | — |
| Cisco | Skinny Client Control Protocol Software | 2.0\(0\) | — |
| Cisco | Skinny Client Control Protocol Software | 2.0\(1\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.0 | — |
| Cisco | Skinny Client Control Protocol Software | 3.0\(0\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.0\(1\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.0\(2\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.1 | — |
| Cisco | Skinny Client Control Protocol Software | 3.1\(1\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.1\(2\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.1\(3\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.1\(4\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.1\(6\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.1\(10\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.1\(11\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.2 | — |
| Cisco | Skinny Client Control Protocol Software | 3.2\(1\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.2\(2\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.2\(3\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.2\(4\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.2\(5\) | — |
| Cisco | Skinny Client Control Protocol Software | 3.2\(6\) | — |
Showing 50 of 131 affected configurations. See NVD for the full list.
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2011-1637?
Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962.
How severe is CVE-2011-1637?
Severity scoring for CVE-2011-1637 is pending analysis. The EPSS model estimates a 0.27% probability of exploitation in the next 30 days.
How do I fix CVE-2011-1637?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2011-1637?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST