Details of VAR-201408-0027

ID

VAR-201408-0027

CVE

CVE-2013-5759

TITLE

Yealink VoIP Phone SIP-T38G Privilege Escalation Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2014-03720

DESCRIPTION

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-5758. Reason: This candidate is not an independent vulnerability; it is resultant from CVE-2013-5758. Notes: All CVE users should reference CVE-2013-5758 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. Yealink VoIP Phone SIP-T38G is an enterprise HD IP phone. Yealink VoIP Phone SIP-T38G has a privilege escalation vulnerability that can be exploited by remote attackers to gain elevated privileges

Trust: 1.71

sources: NVD: CVE-2013-5759 // CNVD: CNVD-2014-03720 // BID: 68054

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-03720

AFFECTED PRODUCTS

vendor:	yealink	model:	voip phone sip-t38g	scope:	-	version:	-	Trust: 0.6
vendor:	yealink	model:	sip-t38g	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2014-03720 // BID: 68054

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-03720
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2014-03720
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-03720

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-651

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201406-651

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5759	Trust: 2.5
db:	BID	id:	68054	Trust: 1.5
db:	CNVD	id:	CNVD-2014-03720	Trust: 0.6
db:	CNNVD	id:	CNNVD-201406-651	Trust: 0.6

sources: CNVD: CNVD-2014-03720 // BID: 68054 // CNNVD: CNNVD-201406-651 // NVD: CVE-2013-5759

REFERENCES

url:

http://www.securityfocus.com/bid/68054

Trust: 1.2

sources: CNVD: CNVD-2014-03720 // CNNVD: CNNVD-201406-651

CREDITS

Mr.Un1k0d3r & Doreth.Z10 From RingZer0 Team

Trust: 0.9

sources: BID: 68054 // CNNVD: CNNVD-201406-651

SOURCES

db:	CNVD	id:	CNVD-2014-03720
db:	BID	id:	68054
db:	CNNVD	id:	CNNVD-201406-651
db:	NVD	id:	CVE-2013-5759

LAST UPDATE DATE

2024-08-14T13:57:50.099000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03720	date:	2014-06-18T00:00:00
db:	BID	id:	68054	date:	2014-06-16T00:00:00
db:	CNNVD	id:	CNNVD-201406-651	date:	2014-06-30T00:00:00
db:	NVD	id:	CVE-2013-5759	date:	2023-11-07T02:16:45.807

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-03720	date:	2014-06-18T00:00:00
db:	BID	id:	68054	date:	2014-06-16T00:00:00
db:	CNNVD	id:	CNNVD-201406-651	date:	2014-06-30T00:00:00
db:	NVD	id:	CVE-2013-5759	date:	2014-08-03T18:55:04.990