The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via an (1) HTTP or (2) HTTPS request with 127.0.0.1 in the Host header.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00923
Percentile: 0.75022
CVSS Scoring
CVSS v3.1 Score: 9.8
Severity: CRITICAL
Mapped CWE(s)
CWE-290 : Authentication Bypass by Spoofing
All CAPEC(s)
CAPEC-21 : Exploitation of Trusted Identifiers
CAPEC-22 : Exploiting Trust in Client
CAPEC-459 : Creating a Rogue Certification Authority Certificate
CAPEC-461 : Web Services API Signature Forgery Leveraging Hash Function Extension Weakness
CAPEC-473 : Signature Spoof
CAPEC-476 : Signature Spoofing by Misrepresentation
CAPEC-59 : Session Credential Falsification through Prediction
CAPEC-60 : Reusing Session IDs (aka Session Replay)
CAPEC-667 : Bluetooth Impersonation AttackS (BIAS)
CAPEC-94 : Adversary in the Middle (AiTM)
CAPEC(s) with Mapped TTPs
CAPEC-21 : Exploitation of Trusted Identifiers
Mapped TTPs:
T1134 : Access Token Manipulation
T1528 : Steal Application Access Token
T1539 : Steal Web Session Cookie
CAPEC-473 : Signature Spoof
Mapped TTPs:
CAPEC-60 : Reusing Session IDs (aka Session Replay)
Mapped TTPs:
CAPEC-94 : Adversary in the Middle (AiTM)
Mapped TTPs:
T1557 : Adversary-in-the-Middle
Mapped ATT&CK TTPs
T1134 : Access Token Manipulation
Kill Chain: defense-evasion
T1528 : Steal Application Access Token
Kill Chain: credential-access
T1539 : Steal Web Session Cookie
Kill Chain: credential-access
T1036.001 : Invalid Code Signature
Kill Chain: defense-evasion
T1553.002 : Code Signing
Kill Chain: defense-evasion
T1134.001 : Token Impersonation/Theft
Kill Chain: defense-evasion
T1550.004 : Web Session Cookie
Kill Chain: defense-evasion
T1557 : Adversary-in-the-Middle
Kill Chain: credential-access
Malware
APTs Threat Group Associations
Campaigns
APT41 DUST
ArcaneDoor
SolarWinds Compromise
Operation Honeybee
RedDelta Modified PlugX Infection Chain Operations
Operation Dream Job
C0015
Leviathan Australian Intrusions
HomeLand Justice
C0017
Affected Products
cpe:2.3:o:snom:snom_300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_820_firmware:*:*:*:*:*:*:*:*
BrownCoat Threat Intelligence Platform | 2025 Steve Gray — You Can’t Take the Sky from Me