CVE-2009-1048

The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
snomsnom_300_firmware
6.5 ≤
𝑥
< 6.5.20
snomsnom_300_firmware
7.1 ≤
𝑥
< 7.1.39
snomsnom_300_firmware
7.3 ≤
𝑥
< 7.3.14
snomsnom_320_firmware
6.5 ≤
𝑥
< 6.5.20
snomsnom_320_firmware
7.1 ≤
𝑥
< 7.1.39
snomsnom_320_firmware
7.3 ≤
𝑥
< 7.3.14
snomsnom_360_firmware
6.5 ≤
𝑥
< 6.5.20
snomsnom_360_firmware
7.1 ≤
𝑥
< 7.1.39
snomsnom_360_firmware
7.3 ≤
𝑥
< 7.3.14
snomsnom_370_firmware
6.5 ≤
𝑥
< 6.5.20
snomsnom_370_firmware
7.1 ≤
𝑥
< 7.1.39
snomsnom_370_firmware
7.3 ≤
𝑥
< 7.3.14
snomsnom_820_firmware
6.5 ≤
𝑥
< 6.5.20
snomsnom_820_firmware
7.1 ≤
𝑥
< 7.1.39
snomsnom_820_firmware
7.3 ≤
𝑥
< 7.3.14
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/36293
http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt
http://www.securityfocus.com/archive/1/505723/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/52424
http://secunia.com/advisories/36293
http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt
http://www.securityfocus.com/archive/1/505723/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/52424