{ "id": "CVE-2009-1048", "sourceIdentifier": "cve@mitre.org", "published": "2009-08-14T15:16:27.377", "lastModified": "2018-10-10T19:32:52.227", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header." }, { "lang": "es", "value": "El interface Web en los tel\u00e9fonos Snom VoIP modelos 320, 360, 270 y 820 con el firmware v6.5 anteriores a 6.5.20, 7.1 anteriores a 7.1.39 y 7.3 anteriores a 7.3.14 permite a atacantes remotos saltarse la autenticaci\u00f3n, y reconfigurar el tel\u00e9fono o hacer un uso arbitrario del mismo, a trav\u00e9s de (1) http o (2) peticiones https con la direcci\u00f3n IP 127.0.0.1 en la cabecera Host." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 10.0 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": true, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-287" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_300:6.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "17878636-BD2B-4FC1-B65A-FD11F2ED5D23" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_300:6.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "8DC2934D-C53A-4332-8B8D-9237CEBBDBD5" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_300:6.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "9959A63E-CA2A-4768-AF80-BBD224BAF07D" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_300:6.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "1C2E149F-BF1F-4CCA-88AC-56232E425EBC" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_300:6.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "ABB7C22D-F840-43A3-BF8C-F11069CA76D7" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_300:6.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "391EB529-DFFB-469B-9F90-80F8EB897A79" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_300:7.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "FCC149EF-F80B-442F-9588-7A8640711B7E" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_300:7.1.33:*:*:*:*:*:*:*", "matchCriteriaId": "1D2617D9-28AE-44B1-8B63-E3DD6D5A2B62" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_300:7.1.35:*:*:*:*:*:*:*", "matchCriteriaId": "782484D7-671C-4269-9970-C7888C2F0333" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_300:7.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "82DD14A1-C628-4061-A5E4-2DA2793A82D5" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_300:7.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "C6D761A4-95D7-412D-AB81-2223EB5FD238" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_300:7.3.10a:*:*:*:*:*:*:*", "matchCriteriaId": "0722A467-6963-4EBF-B6D0-8BA4C38640D4" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_320:6.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "024541BA-518C-4E19-8D31-61A9D0519A98" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_320:6.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "EE1DB317-8586-42FB-9A37-601F619352DF" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_320:6.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "9A0D0653-A977-4525-A1A2-C18458313F23" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_320:6.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "A3ABCFD7-8DB9-4C7E-89BE-91587B8F85FB" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_320:6.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "D629528D-3DD6-4D32-8BE6-7F1C47A81186" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_320:7.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "D6E7F04E-81D5-410C-BAFF-57477F47E33C" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_320:7.1.33:*:*:*:*:*:*:*", "matchCriteriaId": "7852BEDB-666E-4929-875D-A4B053F4FE79" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_320:7.1.35:*:*:*:*:*:*:*", "matchCriteriaId": "4E1E0D49-9A9B-4328-83DB-5059AC7B3001" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_320:7.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "B1882814-D139-4854-8550-4DFBEA7791D6" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_320:7.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "5885CAF5-60C5-4F46-879E-7AFBC91992C3" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_360:6.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "C3E760B0-9834-4FFB-BB73-D848A960EF82" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_360:6.5.8:*:*:*:*:*:*:*", "matchCriteriaId": "AF8CEE27-6344-4E1B-A5B4-9D8CA0BE7572" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_360:6.5.13:*:*:*:*:*:*:*", "matchCriteriaId": "77DE92C5-068E-41BE-AE10-9E68E74DC429" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_360:6.5.15:*:*:*:*:*:*:*", "matchCriteriaId": "993E658A-1CC0-46AA-A646-945ECC3366F6" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_360:6.5.16:*:*:*:*:*:*:*", "matchCriteriaId": "E72C8BCF-E4A1-4D30-B90B-4561656CF8B0" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_360:6.5.17:*:*:*:*:*:*:*", "matchCriteriaId": "2A490DA3-DEC0-4347-A880-7AA56FC524FF" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_360:7.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "2E4D3D55-86AF-4E04-ABF4-C9DB1DBBA3DE" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_360:7.1.33:*:*:*:*:*:*:*", "matchCriteriaId": "3FACAE41-D98F-4C64-9F11-1A91F47961AE" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_360:7.1.35:*:*:*:*:*:*:*", "matchCriteriaId": "544C67DB-751D-4706-AA27-0CE321DC7F74" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_360:7.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "47A13122-D32F-4C91-B752-CFDC5632132B" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_360:7.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "B3C5A486-1EFB-4B64-BD1E-76F023FCC801" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_360:7.3.10a:*:*:*:*:*:*:*", "matchCriteriaId": "40FF9AC3-9A4B-403B-AA03-3DB040FC96E3" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_370:7.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "5E9349E4-D9E8-433D-B9A3-9C524F91B12C" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_370:7.1.33:*:*:*:*:*:*:*", "matchCriteriaId": "734BBAEA-B3B7-463B-B1E3-3B325E92F9C7" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_370:7.1.35:*:*:*:*:*:*:*", "matchCriteriaId": "272F16C1-6958-4348-9A6C-6F2429F3EEA5" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_370:7.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "2329B49D-6BDB-41C7-9AC9-644DFD1FEEF5" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_370:7.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "AFD187ED-4A00-48AF-9D94-6E6BF1714FA1" }, { "vulnerable": true, "criteria": "cpe:2.3:h:snom:snom_370:7.3.10a:*:*:*:*:*:*:*", "matchCriteriaId": "FA329C99-E5E1-48DB-9B00-443BF330E5D7" } ] } ] } ], "references": [ { "url": "http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt", "source": "cve@mitre.org" }, { "url": "http://www.securityfocus.com/archive/1/505723/100/0/threaded", "source": "cve@mitre.org" }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52424", "source": "cve@mitre.org" } ] }