CVE-2014-3312
6.9
Vector
AV:L/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 3.4 / Impact: 10.0
Source: NVD
Description
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
Affected (16)
Products: Cisco: Spa901 1 Line Ip Phone, Spa922 1 Line Ip Phone With 1 Port Ethernet, Spa941 4 Line Ip Phone With 1 Port Ethernet, Spa942 4 Line Ip Phone With 2 Port Switch, Spa962 6 Line Ip Phone With 2 Port Switch, Spa 301 1 Line Ip Phone, Spa 303 3 Line Ip Phone, Spa 501g 8 Line Ip Phone, Spa 502g 1 Line Ip Phone, Spa 504g 4 Line Ip Phone, Spa 508g 8 Line Ip Phone, Spa 509g 12 Line Ip Phone, Spa 512g 1 Line Ip Phone, Spa 514g 4 Line Ip Phone, Spa 525g2 5 Line Ip Phone, Spa 525g 5 Line Ip Phone
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
References (8)
Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.