CVE-2015-0670
6.4
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:N
Exploitability: 10.0 / Impact: 4.9
Source: NVD
Description
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.
Affected (15)
Products: Cisco: Spa500 Firmware, Spa 501g 8 Line Ip Phone, Spa 502g 1 Line Ip Phone, Spa 504g 4 Line Ip Phone, Spa 508g 8 Line Ip Phone, Spa 509g 12 Line Ip Phone, Spa 512g 1 Line Ip Phone, Spa 514g 4 Line Ip Phone, Spa 525g2 5 Line Ip Phone, Spa 525g 5 Line Ip Phone, Spa300 Firmware, Spa 301 1 Line Ip Phone, Spa 302d, Spa 302dkit, Spa 303 3 Line Ip Phone
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 7.5.5 | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 7.5.5 | |
| All versions | |
| All versions | |
| All versions | |
| All versions |
References (4)
Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.