CVE-2012-1417

Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-03/0056.html
http://packetstormsecurity.org/files/110320/yealink-xss.txt	Exploit
http://secunia.com/advisories/48194
http://www.exploit-db.com/exploits/18540	Exploit
http://www.osvdb.org/79675
http://www.securityfocus.com/bid/52209
https://exchange.xforce.ibmcloud.com/vulnerabilities/73573
http://archives.neohapsis.com/archives/bugtraq/2012-03/0056.html
http://packetstormsecurity.org/files/110320/yealink-xss.txt	Exploit
http://secunia.com/advisories/48194
http://www.exploit-db.com/exploits/18540	Exploit
http://www.osvdb.org/79675
http://www.securityfocus.com/bid/52209
https://exchange.xforce.ibmcloud.com/vulnerabilities/73573

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:yealink:gigabit_color_ip_phone_sip-t32g:-:::::::*
	cpe:2.3:h:yealink:gigabit_color_ip_phone_sip-t38g:-:::::::*
	cpe:2.3:h:yealink:ip_phone_sip-t19p:-:::::::*
	cpe:2.3:h:yealink:ip_phone_sip-t20p:-:::::::*
	cpe:2.3:h:yealink:ip_phone_sip-t21p:-:::::::*
	cpe:2.3:h:yealink:ip_phone_sip-t22p:-:::::::*
	cpe:2.3:h:yealink:ip_phone_sip-t26p:-:::::::*
	cpe:2.3:h:yealink:ip_phone_sip-t28p:-:::::::*
	cpe:2.3:h:yealink:ip_video_phone_vp530:-:::::::*
	cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t41p:-:::::::*
	cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t42g:-:::::::*
	cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t46g:-:::::::*
	cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t48g:-:::::::*
	cpe:2.3:h:yealink:w52p:-:::::::*

History

21 Nov 2024, 01:36

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2012-03/0056.html -~~	() http://archives.neohapsis.com/archives/bugtraq/2012-03/0056.html -
References	~~() http://packetstormsecurity.org/files/110320/yealink-xss.txt - Exploit~~	() http://packetstormsecurity.org/files/110320/yealink-xss.txt - Exploit
References	~~() http://secunia.com/advisories/48194 -~~	() http://secunia.com/advisories/48194 -
References	~~() http://www.exploit-db.com/exploits/18540 - Exploit~~	() http://www.exploit-db.com/exploits/18540 - Exploit
References	~~() http://www.osvdb.org/79675 -~~	() http://www.osvdb.org/79675 -
References	~~() http://www.securityfocus.com/bid/52209 -~~	() http://www.securityfocus.com/bid/52209 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/73573 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/73573 -

Information

Published : 2014-09-17 14:55

Updated : 2025-04-12 10:46

NVD link : CVE-2012-1417

Mitre link : CVE-2012-1417

CVE.ORG link : CVE-2012-1417

JSON object : View

Products Affected

yealink

gigabit_color_ip_phone_sip-t38g
ip_phone_sip-t28p
ultra-elegant_ip_phone_sip-t46g
gigabit_color_ip_phone_sip-t32g
ip_phone_sip-t20p
ultra-elegant_ip_phone_sip-t48g
ip_phone_sip-t21p
ip_phone_sip-t22p
ip_video_phone_vp530
ultra-elegant_ip_phone_sip-t41p
w52p
ip_phone_sip-t26p
ultra-elegant_ip_phone_sip-t42g
ip_phone_sip-t19p

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2012-1417", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-09-17T14:55:02.963", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0056.html", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.org/files/110320/yealink-xss.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/48194", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/18540", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/79675", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/52209", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73573", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0056.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.org/files/110320/yealink-xss.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/48194", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/18540", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/79675", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/52209", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73573", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Local Phone book y Blacklist en Yealink VOIP Phones permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del campo 'user' hacia cgi-bin/ConfigManApp.com."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:yealink:gigabit_color_ip_phone_sip-t32g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8274CC4-391F-49B2-BA1C-82F54DE4A5D9"}, {"criteria": "cpe:2.3:h:yealink:gigabit_color_ip_phone_sip-t38g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6ED3BACB-4AE6-4D53-B058-6FF1C7634F1D"}, {"criteria": "cpe:2.3:h:yealink:ip_phone_sip-t19p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BF3E795-BF27-48D9-8737-CDA86FB580B1"}, {"criteria": "cpe:2.3:h:yealink:ip_phone_sip-t20p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C593189-C2E8-44FD-9EE2-5E3DECF0A763"}, {"criteria": "cpe:2.3:h:yealink:ip_phone_sip-t21p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C09377BF-BB8F-44CD-BD47-3B381DC5CF5F"}, {"criteria": "cpe:2.3:h:yealink:ip_phone_sip-t22p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51EE4155-F0DE-4DB2-8E9F-ED316D241176"}, {"criteria": "cpe:2.3:h:yealink:ip_phone_sip-t26p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C67D703-166F-4D26-9FF2-02133926B65F"}, {"criteria": "cpe:2.3:h:yealink:ip_phone_sip-t28p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EA7DD45-BF4E-4F8B-858F-4AA16934F4B9"}, {"criteria": "cpe:2.3:h:yealink:ip_video_phone_vp530:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16B6BDE8-846A-41D9-9F3F-E30635D41B6F"}, {"criteria": "cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t41p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B78A770C-A9FC-4900-AA3C-72F41745CE2A"}, {"criteria": "cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t42g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6FF97DC-B477-4A58-8D23-59DD9D64C9B3"}, {"criteria": "cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t46g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79D78818-02DE-4BF6-8AE3-490005329407"}, {"criteria": "cpe:2.3:h:yealink:ultra-elegant_ip_phone_sip-t48g:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76ED7CFC-CFE7-41DB-B716-2F1F88478EFF"}, {"criteria": "cpe:2.3:h:yealink:w52p:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "613FA44A-0147-4AB5-83E8-9CDB906CCED2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

3.5 /10