← Back

CVE-2012-0333

nvd nist
Published: May 2, 2012Modified: Apr 29, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:N/I:P/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.

Affected (12)

Cisco
2 products
Small Business Ip Phone Firmware
Small Business Ip Phone
Configuration A
12 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Small Business Ip Phone Firmware
Up to 7.4.9
Small Business Ip Phone Firmware
Version 7.1.7
Small Business Ip Phone Firmware
Version 7.2.5
Small Business Ip Phone Firmware
Version 7.3.5
Small Business Ip Phone Firmware
Version 7.4.3
Small Business Ip Phone Firmware
Version 7.4.4
Small Business Ip Phone Firmware
Version 7.4.5
Small Business Ip Phone Firmware
Version 7.4.6
Small Business Ip Phone Firmware
Version 7.4.7
Small Business Ip Phone Firmware
Version 7.4.8
Cisco
Small Business Ip Phone
Version spa525g2
Small Business Ip Phone
Version spa525g

Related CWEs

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (4)

Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.