Show plain JSON{"id": "CVE-2012-1328", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-05-03T23:55:01.403", "references": [{"url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html", "source": "psirt@cisco.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75412", "source": "psirt@cisco.com"}, {"url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/9971_9951_8961/firmware/9_2_3/release_notes/9900_8900_923.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75412", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237."}, {"lang": "es", "value": "Dispositivos Cisco Unified IP Phones 9900 con firmware v9.1 y v9.2 no gestionan de forma adecuada las descargas de informaci\u00f3n de configuraci\u00f3n a un tel\u00e9fono RT, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de injecci\u00f3n de datos no especificados, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de injecci\u00f3n de datos no determinados, tambi\u00e9n conocido como Bug ID CSCts32237."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone:9900:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "182C7DA5-C134-4BE2-AA4F-4629E2E2492B"}, {"criteria": "cpe:2.3:h:cisco:unified_ip_phone_firmware:9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2455942-EDB4-485F-A699-F9081B1BEF94"}, {"criteria": "cpe:2.3:h:cisco:unified_ip_phone_firmware:9.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5733A1F7-893A-441B-AAFE-D1C36F2F1D9C"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@cisco.com"}