CVE-2009-1048

The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header.
References
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:snom:snom_300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:snom:snom_320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:snom:snom_360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
OR cpe:2.3:o:snom:snom_370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:snom:snom_820_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_820_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_820_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_820:-:*:*:*:*:*:*:*

History

13 Feb 2024, 17:38

Type Values Removed Values Added
CVSS v2 : 10.0
v3 : unknown
v2 : 10.0
v3 : 9.8
First Time Snom snom 320 Firmware
Snom snom 300 Firmware
Snom snom 820
Snom snom 370 Firmware
Snom snom 360 Firmware
Snom snom 820 Firmware
CWE CWE-287 CWE-290
CPE cpe:2.3:h:snom:snom_300:6.5.13:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:7.1.30:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:6.5.17:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:7.1.35:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:6.5.15:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:7.3.10a:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:7.3.4:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:7.1.33:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:7.3.7:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:7.3.4:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:6.5.2:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:6.5.16:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:6.5.13:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:7.3.4:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:6.5.15:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:7.3.7:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:6.5.2:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:7.1.33:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:6.5.2:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:6.5.17:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:7.1.30:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:7.1.33:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:7.1.35:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:7.3.10a:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:7.3.4:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:6.5.8:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:6.5.8:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:7.1.35:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:7.1.30:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:7.3.7:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:6.5.16:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:7.3.7:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:6.5.8:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:7.3.10a:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:7.1.35:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:7.1.33:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:6.5.17:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:7.1.30:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:6.5.16:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:6.5.13:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_320_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_300:-:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_370_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_820_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_300_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_320:-:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_360:-:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_370:-:*:*:*:*:*:*:*
cpe:2.3:o:snom:snom_360_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:snom:snom_820:-:*:*:*:*:*:*:*
References (SECUNIA) http://secunia.com/advisories/36293 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/36293 - Broken Link, Vendor Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/52424 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/52424 - Third Party Advisory, VDB Entry
References (BUGTRAQ) http://www.securityfocus.com/archive/1/505723/100/0/threaded - (BUGTRAQ) http://www.securityfocus.com/archive/1/505723/100/0/threaded - Broken Link, Third Party Advisory, VDB Entry
References (MISC) http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt - (MISC) http://www.csnc.ch/misc/files/advisories/cve-2009-1048.txt - Broken Link

Information

Published : 2009-08-14 15:16

Updated : 2024-02-28 11:21


NVD link : CVE-2009-1048

Mitre link : CVE-2009-1048

CVE.ORG link : CVE-2009-1048


JSON object : View

Products Affected

snom

  • snom_820_firmware
  • snom_360
  • snom_300
  • snom_370
  • snom_370_firmware
  • snom_320_firmware
  • snom_360_firmware
  • snom_300_firmware
  • snom_820
  • snom_320
CWE
CWE-290

Authentication Bypass by Spoofing