Cisco Unified IP Phones 7900 Series devices contain a vulnerability that could allow an authenticated, local attacker to load a software image without verification.
The vulnerability is due to inadequate security checks on software images. An authenticated, local attacker could exploit this vulnerability to bypass signature verification and load a software image on a targeted device.
Cisco has confirmed this vulnerability in a security advisory and has released updated software.
To exploit this vulnerability, an attacker would need to authenticate to an affected device, which would likely require gaining access to an internal, trusted network. These requirements could mitigate a possible attack.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.