CVE-2015-6403

CVE Database · CVE-2015-6403

CVE-2015-6403

· N/AModified

CVSS v3.1

N/A

EPSS

0.38%

Published

Dec 15, 2015

Modified

May 6, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.

Weaknesses (CWE)

CWE-20

Affected Products (14)

cisco · spa500_firmwarevulnerable

cisco · spa_500ds

cisco · spa_500s

cisco · spa_501g

cisco · spa_502g

cisco · spa_504g

cisco · spa_508g

cisco · spa_509g

cisco · spa_512g

cisco · spa_514g

cisco · spa_525g2

cisco · spa300_firmwarevulnerable

cisco · spa_301

References (6)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp

Vendor Advisory

http://www.securityfocus.com/bid/78739

http://www.securitytracker.com/id/1034376

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp

Vendor Advisory

http://www.securityfocus.com/bid/78739

http://www.securitytracker.com/id/1034376

KEV Catalog EPSS Scores Vendors All CVEs