What is the severity of CVE-2011-2545?

CVE-2011-2545 is rated as a medium severity vulnerability.

How do I fix CVE-2011-2545?

To fix CVE-2011-2545, upgrade affected Cisco devices to the latest firmware version available for your device model.

What systems are affected by CVE-2011-2545?

CVE-2011-2545 affects Cisco SPA8000, SPA8800, SPA2102, SPA3102, and SPA500 series IP phones.

What type of vulnerability is CVE-2011-2545?

CVE-2011-2545 is a cross-site scripting (XSS) vulnerability.

Can CVE-2011-2545 be exploited remotely?

Yes, CVE-2011-2545 can be exploited remotely through an injected web script in the FROM field of an INVITE message.

Vulnerability/
CVE-2011-2545

medium

4.3

CWE

13/6/2012

17/9/2024

CVE-2011-2545: XSS

First published: Wed Jun 13 2012(Updated: )

Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco SPA8000 8-port IP Telephony Gateway	<=6.1.10
Cisco SPA8000 8-port IP Telephony Gateway	=5.1.12
Cisco SPA8000 8-port IP Telephony Gateway	=6.1.3
Cisco SPA8000 8-port ip telephony gateway firmware
Cisco SPA8800 IP Telephony Gateway	<=6.1.7
Cisco SPA8800 IP Telephony Gateway
Cisco SPA2102 Phone Adapter with Router	<=5.2.12
Cisco SPA2102 Phone Adapter with Router	=5.2.3
Cisco SPA2102 Phone Adapter with Router	=5.2.5
Cisco SPA2102 Phone Adapter with Router	=5.2.10
Cisco SPA2102 Phone Adapter with Router
Cisco SPA3102 Voice Gateway with Router	<=5.1.10
Cisco SPA3102 Voice Gateway with Router	=3.3.6
Cisco SPA3102 Voice Gateway with Router	=5.1.7
Cisco SPA3102 Voice Gateway with Router
Cisco SPA500 Series IP Phones firmware	<=7.4.8
Cisco SPA500 Series IP Phones firmware	=7.3.7
Cisco SPA500 Series IP Phones firmware	=7.4.3
Cisco SPA500 Series IP Phones firmware	=7.4.4
Cisco SPA500 Series IP Phones firmware	=7.4.6
Cisco SPA500 Series IP Phones firmware	=7.4.7
Cisco SPA 501G
Cisco SPA 502G 1-Line IP Phone
Cisco SPA 504G
Cisco SPA500 series IP phone
Cisco SPA 509G
Cisco SPA 512G 1-line IP Phone
Cisco SPA514G
Cisco SPA 525G2 5-Line IP Phone
Cisco SPA 525g2 5-line IP Phone

Never miss a vulnerability like this again

Reference Links

http://tools.cisco.com/security/center/viewAlert.x?alertId=26037

Frequently Asked Questions

What is the severity of CVE-2011-2545?
CVE-2011-2545 is rated as a medium severity vulnerability.
How do I fix CVE-2011-2545?
To fix CVE-2011-2545, upgrade affected Cisco devices to the latest firmware version available for your device model.
What systems are affected by CVE-2011-2545?
CVE-2011-2545 affects Cisco SPA8000, SPA8800, SPA2102, SPA3102, and SPA500 series IP phones.
What type of vulnerability is CVE-2011-2545?
CVE-2011-2545 is a cross-site scripting (XSS) vulnerability.
Can CVE-2011-2545 be exploited remotely?
Yes, CVE-2011-2545 can be exploited remotely through an injected web script in the FROM field of an INVITE message.

collector/nvd-historical
agent/type
agent/severity
agent/weakness
agent/author
agent/references
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco spa8000 8-port ip telephony gateway
version/cisco spa8000 8-port ip telephony gateway/6.1.10
version/cisco spa8000 8-port ip telephony gateway/5.1.12
version/cisco spa8000 8-port ip telephony gateway/6.1.3
canonical/cisco spa8000 8-port ip telephony gateway firmware
canonical/cisco spa8800 ip telephony gateway
version/cisco spa8800 ip telephony gateway/6.1.7
canonical/cisco spa2102 phone adapter with router
version/cisco spa2102 phone adapter with router/5.2.12
version/cisco spa2102 phone adapter with router/5.2.3
version/cisco spa2102 phone adapter with router/5.2.5
version/cisco spa2102 phone adapter with router/5.2.10
canonical/cisco spa3102 voice gateway with router
version/cisco spa3102 voice gateway with router/5.1.10
version/cisco spa3102 voice gateway with router/3.3.6
version/cisco spa3102 voice gateway with router/5.1.7
canonical/cisco spa500 series ip phones firmware
version/cisco spa500 series ip phones firmware/7.4.8
version/cisco spa500 series ip phones firmware/7.3.7
version/cisco spa500 series ip phones firmware/7.4.3
version/cisco spa500 series ip phones firmware/7.4.4
version/cisco spa500 series ip phones firmware/7.4.6
version/cisco spa500 series ip phones firmware/7.4.7
canonical/cisco spa 501g
canonical/cisco spa 502g 1-line ip phone
canonical/cisco spa 504g
canonical/cisco spa500 series ip phone
canonical/cisco spa 509g
canonical/cisco spa 512g 1-line ip phone
canonical/cisco spa514g
canonical/cisco spa 525g2 5-line ip phone