Details of VAR-201409-0044

ID

VAR-201409-0044

CVE

CVE-2012-1417

TITLE

Yealink VOIP Phone of Local Phone Cross-site scripting vulnerability in books and blacklists

Trust: 0.8

sources: JVNDB: JVNDB-2012-006271

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com. Yealink VOIP Phone is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible. For more information: SA48299 Please see the vendor's advisory for a list of affected products. ---------------------------------------------------------------------- Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch ---------------------------------------------------------------------- TITLE: IBM Maximo Asset Management Products Weakness and Multiple Vulnerabilities SECUNIA ADVISORY ID: SA48299 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48299/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48299 RELEASE DATE: 2012-03-07 DISCUSS ADVISORY: http://secunia.com/advisories/48299/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/48299/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=48299 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in IBM Maximo Asset Management and IBM Maximo Asset Management Essentials, which can be exploited by malicious users to disclose sensitive information and conduct SQL injection attacks and by malicious people to conduct spoofing attacks, cross-site scripting attacks, cross-site request forgery attacks, and cause a DoS (Denial of Service). 1) The weakness is caused due to the about option in the help menu displaying an otherwise restricted username. 2) Input passed via the "uisessionid" parameter to an unspecified script is not properly verified before being used to redirect users. This can be exploited to redirect users to arbitrary web sites. 3) Input passed via the "controlid" parameter to imicon.jsp and the "reportType" parameter to an unspecified script is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Input passed via the "uisesionid" parameter to ui/ and maximo.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 5) Certain input in Start Center Layout and Configuration is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 6) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. conduct web cache poisoning and cross-site scripting attacks by tricking a logged in user into visiting a malicious web site. 7) An error when handling multiple UI sessions in an HTTP session can be exploited to consume large amounts of memory and render the server unusable. 8) Certain input passed to the KPI component is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in versions 6.2, 7.1, and 7.5. SOLUTION: Apply APAR or interim fix (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IV09157, IV09189, IV09190, IV09193, IV09194, IV09197, IV09200, IV09202, IV09198): http://www.ibm.com/support/docview.wss?uid=swg21584666 http://xforce.iss.net/xforce/xfdb/72004 http://xforce.iss.net/xforce/xfdb/72006 http://xforce.iss.net/xforce/xfdb/71996 http://xforce.iss.net/xforce/xfdb/71999 http://xforce.iss.net/xforce/xfdb/72008 http://xforce.iss.net/xforce/xfdb/72612 http://xforce.iss.net/xforce/xfdb/72000 http://xforce.iss.net/xforce/xfdb/71985 http://xforce.iss.net/xforce/xfdb/72001 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . SOLUTION: Filter malicious characters and character sequences using a proxy

Trust: 2.16

sources: NVD: CVE-2012-1417 // JVNDB: JVNDB-2012-006271 // BID: 52209 // PACKETSTORM: 110526 // PACKETSTORM: 110571 // PACKETSTORM: 110655

AFFECTED PRODUCTS

vendor:	yealink	model:	ip phone sip-t20p	scope:	eq	version:	-	Trust: 1.6
vendor:	yealink	model:	w52p	scope:	eq	version:	-	Trust: 1.6
vendor:	yealink	model:	ip video phone vp530	scope:	eq	version:	-	Trust: 1.6
vendor:	yealink	model:	ip phone sip-t22p	scope:	eq	version:	-	Trust: 1.6
vendor:	yealink	model:	ip phone sip-t26p	scope:	eq	version:	-	Trust: 1.6
vendor:	yealink	model:	ip phone sip-t28p	scope:	eq	version:	-	Trust: 1.6
vendor:	yealink	model:	ip phone sip-t19p	scope:	eq	version:	-	Trust: 1.6
vendor:	yealink	model:	gigabit color ip phone sip-t38g	scope:	eq	version:	-	Trust: 1.6
vendor:	yealink	model:	ip phone sip-t21p	scope:	eq	version:	-	Trust: 1.6
vendor:	yealink	model:	gigabit color ip phone sip-t32g	scope:	eq	version:	-	Trust: 1.6
vendor:	yealink	model:	ultra-elegant ip phone sip-t42g	scope:	eq	version:	-	Trust: 1.0
vendor:	yealink	model:	ultra-elegant ip phone sip-t46g	scope:	eq	version:	-	Trust: 1.0
vendor:	yealink	model:	ultra-elegant ip phone sip-t48g	scope:	eq	version:	-	Trust: 1.0
vendor:	yealink	model:	ultra-elegant ip phone sip-t41p	scope:	eq	version:	-	Trust: 1.0
vendor:	yealink	model:	business hd ip dect phone w52p	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	enterprise hd ip phone sip-t20p	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	enterprise hd ip phone sip-t22p	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	enterprise hd ip phone sip-t26p	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	enterprise hd ip phone sip-t28p	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	entry-level ip phone sip-t19p	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	entry-level ip phone sip-t21p	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	gigabit color ip phone sip-t32g	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	gigabit color ip phone sip-t38g	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	ip video phone vp530	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	ultra-elegant gigabit ip phone sip-t42g	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	ultra-elegant gigabit ip phone sip-t46g	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	ultra-elegant gigabit ip phone sip-t48g	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	ultra-elegant ip phone sip-t41p	scope:	-	version:	-	Trust: 0.8
vendor:	yealink	model:	network technology yealink voip phone	scope:	eq	version:	0	Trust: 0.3

sources: BID: 52209 // JVNDB: JVNDB-2012-006271 // CNNVD: CNNVD-201202-515 // NVD: CVE-2012-1417

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-1417
value:	LOW
Trust: 1.0
NVD:	CVE-2012-1417
value:	LOW
Trust: 0.8
CNNVD:	CNNVD-201202-515
value:	LOW
Trust: 0.6

nvd@nist.gov:	CVE-2012-1417
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2012-006271 // CNNVD: CNNVD-201202-515 // NVD: CVE-2012-1417

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2012-006271 // NVD: CVE-2012-1417

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201202-515

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201202-515

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006271

PATCH

title:	Entry-level IP Phone SIP-T19P	url:	http://www.yealink.com/product_info.aspx?ProductsCateID=334&CateId=147&BaseInfoCateId=334&Cate_Id=334&parentcateid=147	Trust: 0.8
title:	Ultra-elegant Gigabit IP Phone SIP-T42G	url:	http://www.yealink.com/product_info.aspx?ProductsCateID=312&CateId=147&BaseInfoCateId=312&Cate_Id=312&parentcateid=147	Trust: 0.8
title:	Enterprise HD IP Phone SIP-T20P	url:	http://www.yealink.com/product_info.aspx?ProductsCateID=187&CateId=147&BaseInfoCateId=187&Cate_Id=187&parentcateid=147	Trust: 0.8
title:	Ultra-elegant Gigabit IP Phone SIP-T46G	url:	http://www.yealink.com/product_info.aspx?ProductsCateID=310&CateId=147&BaseInfoCateId=310&Cate_Id=310&parentcateid=147	Trust: 0.8
title:	Entry-level IP Phone SIP-T21P	url:	http://www.yealink.com/product_info.aspx?ProductsCateID=333&CateId=147&BaseInfoCateId=333&Cate_Id=333&parentcateid=147	Trust: 0.8
title:	Ultra-elegant Gigabit IP Phone SIP-T48G	url:	http://www.yealink.com/product_info.aspx?ProductsCateID=1206&CateId=147&BaseInfoCateId=1206&Cate_Id=1206&parentcateid=147	Trust: 0.8
title:	Enterprise HD IP Phone SIP-T22P	url:	http://www.yealink.com/product_info.aspx?ProductsCateID=186&CateId=147&BaseInfoCateId=186&Cate_Id=186&parentcateid=147	Trust: 0.8
title:	Business HD IP DECT Phone W52P	url:	http://www.yealink.com/product_info.aspx?ProductsCateID=308	Trust: 0.8
title:	Enterprise HD IP Phone SIP-T26P	url:	http://www.yealink.com/product_info.aspx?ProductsCateID=185&CateId=147&BaseInfoCateId=185&Cate_Id=185&parentcateid=147	Trust: 0.8
title:	Gigabit Color IP Phone SIP-T38G	url:	http://www.yealink.com/product_info.aspx?ProductsCateID=182&CateId=147&BaseInfoCateId=182&Cate_Id=182&parentcateid=147	Trust: 0.8
title:	Enterprise HD IP Phone SIP-T28P	url:	http://www.yealink.com/product_info.aspx?ProductsCateID=184&CateId=147&BaseInfoCateId=184&Cate_Id=184&parentcateid=147	Trust: 0.8
title:	IP Video Phone VP530	url:	http://www.yealink.com/product_info.aspx?parentcateid=146&ProductsCateID=180&cateid=180&ProductsID=27	Trust: 0.8
title:	Gigabit Color IP Phone SIP-T32G	url:	http://www.yealink.com/product_info.aspx?ProductsCateID=183&CateId=147&BaseInfoCateId=183&Cate_Id=183&parentcateid=147	Trust: 0.8
title:	Ultra-elegant IP Phone SIP-T41P	url:	http://www.yealink.com/product_info.aspx?ProductsCateID=313&CateId=147&BaseInfoCateId=313&Cate_Id=313&parentcateid=147	Trust: 0.8

sources: JVNDB: JVNDB-2012-006271

EXTERNAL IDS

db:	NVD	id:	CVE-2012-1417	Trust: 2.7
db:	PACKETSTORM	id:	110320	Trust: 2.4
db:	BID	id:	52209	Trust: 1.9
db:	SECUNIA	id:	48194	Trust: 1.8
db:	EXPLOIT-DB	id:	18540	Trust: 1.7
db:	OSVDB	id:	79675	Trust: 1.6
db:	JVNDB	id:	JVNDB-2012-006271	Trust: 0.8
db:	SECUNIA	id:	48299	Trust: 0.8
db:	XF	id:	73573	Trust: 0.6
db:	CNNVD	id:	CNNVD-201202-515	Trust: 0.6
db:	XF	id:	72612	Trust: 0.2
db:	XF	id:	72000	Trust: 0.2
db:	XF	id:	72004	Trust: 0.2
db:	XF	id:	71985	Trust: 0.2
db:	XF	id:	72001	Trust: 0.2
db:	SECUNIA	id:	48305	Trust: 0.2
db:	PACKETSTORM	id:	110526	Trust: 0.1
db:	XF	id:	72006	Trust: 0.1
db:	XF	id:	71999	Trust: 0.1
db:	XF	id:	71996	Trust: 0.1
db:	XF	id:	72008	Trust: 0.1
db:	PACKETSTORM	id:	110571	Trust: 0.1
db:	PACKETSTORM	id:	110655	Trust: 0.1

sources: BID: 52209 // JVNDB: JVNDB-2012-006271 // PACKETSTORM: 110526 // PACKETSTORM: 110571 // PACKETSTORM: 110655 // CNNVD: CNNVD-201202-515 // NVD: CVE-2012-1417

REFERENCES

url:	http://archives.neohapsis.com/archives/bugtraq/2012-03/0056.html	Trust: 1.6
url:	http://packetstormsecurity.org/files/110320/yealink-xss.txt	Trust: 1.6
url:	http://www.exploit-db.com/exploits/18540	Trust: 1.6
url:	http://www.osvdb.org/79675	Trust: 1.6
url:	http://www.securityfocus.com/bid/52209	Trust: 1.6
url:	http://secunia.com/advisories/48194	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/73573	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-1417	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-1417	Trust: 0.8
url:	http://packetstormsecurity.com/files/110320/yealink-xss.txt	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/73573	Trust: 0.6
url:	http://secunia.com/advisories/48299	Trust: 0.6
url:	http://www.vulnerability-lab.com/get_content.php?id=461	Trust: 0.3
url:	http://www.osqa.net/learn-more/	Trust: 0.3
url:	/archive/1/521798	Trust: 0.3
url:	http://secunia.com/psi_30_beta_launch	Trust: 0.3
url:	http://secunia.com/vulnerability_intelligence/	Trust: 0.3
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.3
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.3
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.3
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.3
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.3
url:	http://xforce.iss.net/xforce/xfdb/72000	Trust: 0.2
url:	http://www.ibm.com/support/docview.wss?uid=swg21584666	Trust: 0.2
url:	http://xforce.iss.net/xforce/xfdb/72001	Trust: 0.2
url:	http://xforce.iss.net/xforce/xfdb/71985	Trust: 0.2
url:	http://xforce.iss.net/xforce/xfdb/72612	Trust: 0.2
url:	http://xforce.iss.net/xforce/xfdb/72004	Trust: 0.2
url:	http://secunia.com/advisories/48305/	Trust: 0.1
url:	http://secunia.com/advisories/48305/#comments	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=48305	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=48299	Trust: 0.1
url:	http://xforce.iss.net/xforce/xfdb/72006	Trust: 0.1
url:	http://secunia.com/advisories/48299/	Trust: 0.1
url:	http://xforce.iss.net/xforce/xfdb/71996	Trust: 0.1
url:	http://xforce.iss.net/xforce/xfdb/71999	Trust: 0.1
url:	http://secunia.com/advisories/48299/#comments	Trust: 0.1
url:	http://xforce.iss.net/xforce/xfdb/72008	Trust: 0.1
url:	http://www.exploit-db.com/exploits/18540/	Trust: 0.1
url:	http://secunia.com/advisories/48194/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=48194	Trust: 0.1
url:	http://secunia.com/advisories/48194/#comments	Trust: 0.1

sources: BID: 52209 // JVNDB: JVNDB-2012-006271 // PACKETSTORM: 110526 // PACKETSTORM: 110571 // PACKETSTORM: 110655 // CNNVD: CNNVD-201202-515 // NVD: CVE-2012-1417

CREDITS

Narendra Shinde

Trust: 0.9

sources: BID: 52209 // CNNVD: CNNVD-201202-515

SOURCES

db:	BID	id:	52209
db:	JVNDB	id:	JVNDB-2012-006271
db:	PACKETSTORM	id:	110526
db:	PACKETSTORM	id:	110571
db:	PACKETSTORM	id:	110655
db:	CNNVD	id:	CNNVD-201202-515
db:	NVD	id:	CVE-2012-1417

LAST UPDATE DATE

2025-04-13T23:10:27.352000+00:00

SOURCES UPDATE DATE

db:	BID	id:	52209	date:	2012-02-29T00:00:00
db:	JVNDB	id:	JVNDB-2012-006271	date:	2014-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201202-515	date:	2014-09-18T00:00:00
db:	NVD	id:	CVE-2012-1417	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	BID	id:	52209	date:	2012-02-29T00:00:00
db:	JVNDB	id:	JVNDB-2012-006271	date:	2014-09-18T00:00:00
db:	PACKETSTORM	id:	110526	date:	2012-03-07T03:04:05
db:	PACKETSTORM	id:	110571	date:	2012-03-08T07:44:51
db:	PACKETSTORM	id:	110655	date:	2012-03-11T05:32:29
db:	CNNVD	id:	CNNVD-201202-515	date:	2012-02-29T00:00:00
db:	NVD	id:	CVE-2012-1417	date:	2014-09-17T14:55:02.963