CVE-2009-1048

The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:snom:snom_300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:snom:snom_320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:snom:snom_360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:snom:snom_370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:snom:snom_820_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_820_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_820_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_820:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:01

Type Values Removed Values Added
References () http://secunia.com/advisories/36293 - Broken Link, Vendor Advisory () http://secunia.com/advisories/36293 - Broken Link, Vendor Advisory
References () http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt - Broken Link () http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt - Broken Link
References () http://www.securityfocus.com/archive/1/505723/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/archive/1/505723/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/52424 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/52424 - Third Party Advisory, VDB Entry

13 Feb 2024, 17:38

Type Values Removed Values Added
References () http://secunia.com/advisories/36293 - Vendor Advisory () http://secunia.com/advisories/36293 - Broken Link, Vendor Advisory
References () http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt - () http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt - Broken Link
References () http://www.securityfocus.com/archive/1/505723/100/0/threaded - () http://www.securityfocus.com/archive/1/505723/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/52424 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/52424 - Third Party Advisory, VDB Entry
First Time Snom snom 820 Firmware
Snom snom 300 Firmware
Snom snom 370 Firmware
Snom snom 320 Firmware
Snom snom 820
Snom snom 360 Firmware
CWE CWE-287 CWE-290
CPE cpe:2.3:h:snom:snom_300:7.1.30:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:6.5.2:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:7.3.7:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:7.3.4:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:7.1.33:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:7.1.35:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:7.1.35:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:7.3.10a:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:6.5.15:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:7.3.4:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:6.5.17:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:6.5.2:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:6.5.13:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:6.5.2:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:6.5.16:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:7.3.4:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:6.5.17:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:6.5.15:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:6.5.16:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:7.3.7:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:7.1.35:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:6.5.8:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:7.1.30:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:7.1.35:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:6.5.8:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:7.3.10a:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:6.5.13:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:7.3.10a:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:6.5.17:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:7.1.33:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:7.1.33:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:7.1.33:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:7.1.30:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:7.3.7:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:6.5.8:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:7.1.30:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:7.3.4:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:6.5.13:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:6.5.16:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:7.3.7:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:-:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:-:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:-:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_820:-:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_820_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:-:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_370_firmware:*:*:*:*:*:*:*:*
CVSS v2 : 10.0
v3 : unknown
v2 : 10.0
v3 : 9.8

Information

Published : 2009-08-14 15:16

Updated : 2024-11-21 01:01


NVD link : CVE-2009-1048

Mitre link : CVE-2009-1048

CVE.ORG link : CVE-2009-1048


JSON object : View

Products Affected

snom

  • snom_820_firmware
  • snom_370
  • snom_300_firmware
  • snom_360_firmware
  • snom_820
  • snom_370_firmware
  • snom_360
  • snom_320
  • snom_320_firmware
  • snom_300
CWE
CWE-290

Authentication Bypass by Spoofing