CVE-2009-1048

Published Aug 14, 2009

Last updated a year ago

CVSS critical 9.8

Overview

Description: The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-290

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:snom:snom_300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C47AC90-80C9-4B17-8F55-1B8BFED83064",
            "versionEndExcluding": "6.5.20",
            "versionStartIncluding": "6.5"
          },
          {
            "criteria": "cpe:2.3:o:snom:snom_300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D4BB1BA-268E-47AE-B0B0-63F793C71794",
            "versionEndExcluding": "7.1.39",
            "versionStartIncluding": "7.1"
          },
          {
            "criteria": "cpe:2.3:o:snom:snom_300_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8430CE2-6C4A-4200-B946-F0531A199139",
            "versionEndExcluding": "7.3.14",
            "versionStartIncluding": "7.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:snom:snom_300:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "53C8CF7D-C185-42A3-AF2D-4088358150A9"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:snom:snom_320_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B8C016A-CFDA-4C22-97A2-E052C7E73C59",
            "versionEndExcluding": "6.5.20",
            "versionStartIncluding": "6.5"
          },
          {
            "criteria": "cpe:2.3:o:snom:snom_320_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0E4FA76-1F69-46D4-8444-F0CE59CD33AA",
            "versionEndExcluding": "7.1.39",
            "versionStartIncluding": "7.1"
          },
          {
            "criteria": "cpe:2.3:o:snom:snom_320_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A0A83F90-7F85-4FD2-AC13-72C4B4FA62B0",
            "versionEndExcluding": "7.3.14",
            "versionStartIncluding": "7.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:snom:snom_320:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2B0A870E-6BEA-4F0C-9D96-698220682DD6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:snom:snom_360_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CA41185-98DB-48BA-8C4A-9F9202DCFFAD",
            "versionEndExcluding": "6.5.20",
            "versionStartIncluding": "6.5"
          },
          {
            "criteria": "cpe:2.3:o:snom:snom_360_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A9575B25-7E2C-4E2D-9746-DA56EA97F015",
            "versionEndExcluding": "7.1.39",
            "versionStartIncluding": "7.1"
          },
          {
            "criteria": "cpe:2.3:o:snom:snom_360_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE5E64C2-5D5F-4ACD-9339-069FE7FE8B6A",
            "versionEndExcluding": "7.3.14",
            "versionStartIncluding": "7.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:snom:snom_360:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DBA7DFDB-2A67-4124-81E3-37E3F211568D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:snom:snom_370_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F62932D-6442-4A86-A13B-815A7ECF88BA",
            "versionEndExcluding": "6.5.20",
            "versionStartIncluding": "6.5"
          },
          {
            "criteria": "cpe:2.3:o:snom:snom_370_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6883042A-CE06-4E23-B77F-CC76AEFBD9B5",
            "versionEndExcluding": "7.1.39",
            "versionStartIncluding": "7.1"
          },
          {
            "criteria": "cpe:2.3:o:snom:snom_370_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E205BBA8-10C9-4ED4-9248-1D0CE023C129",
            "versionEndExcluding": "7.3.14",
            "versionStartIncluding": "7.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:snom:snom_370:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D685F7DA-CE4F-497F-B863-6C6175712125"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:snom:snom_820_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9E7A799-BA1E-4D45-A261-33B234400A7B",
            "versionEndExcluding": "6.5.20",
            "versionStartIncluding": "6.5"
          },
          {
            "criteria": "cpe:2.3:o:snom:snom_820_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "99D04CAF-58A1-42C8-B9FD-B9056EA3C5A4",
            "versionEndExcluding": "7.1.39",
            "versionStartIncluding": "7.1"
          },
          {
            "criteria": "cpe:2.3:o:snom:snom_820_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF2D9D65-BA9F-4A56-90F9-A1C7477B1BC9",
            "versionEndExcluding": "7.3.14",
            "versionStartIncluding": "7.3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:snom:snom_820:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "66EEF924-599D-4D5E-88B4-65DE12315F19"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References