Vulnslist


Cisco Unified IP Phone 8945 Crafted PNG Image Lockup Vulnerability

Cisco-SA-20130828-CVE-2013-3468 · Medium · Published · Updated

A vulnerability in PNG image processing of the Cisco Unified IP Phone 8945 running software version 9.3(2) could allow an unauthenticated, remote attacker to cause the phone to lock up. The vulnerability is due to incorrect processing of malformed PNG images. An attacker could exploit this vulnerability by placing a malicious PNG image on the HTTP server from which the phone requests XML files. A successful exploit could allow the attacker to cause the phone to lock up.

Cisco has confirmed the vulnerability in a security notice and software updates are available.

To exploit this vulnerability, it is likely that an attacker would need access to trusted, internal networks and access to the HTTP server on the network that serves resources to an affected device. These access requirements limit the likelihood of a successful exploit.

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEs: CVE-2013-3468
Cisco Bug IDs: CSCud04270
CVSS Score: Base 5.4 (AV:N/AC:H/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C)
Product Names From Source: Cisco Unified IP Phone 8945

Related Products

Product | CVE | Evidence
Cisco Unified IP Phone 8945 | CVE-2013-3468 | Cisco OpenVuln