CVE-2014-3312
First published: Wed Jul 09 2014(Updated: )
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco SPA 301 1-line IP Phone | ||
| Cisco SPA300 Series IP Phone | ||
| Cisco SPA 501G | ||
| Cisco SPA 502G 1-Line IP Phone | ||
| Cisco SPA 504G | ||
| Cisco SPA500 series IP phone | ||
| Cisco SPA 509g 12-line IP Phone | ||
| Cisco SPA 512G 1-line IP Phone | ||
| Cisco SPA514G | ||
| Cisco SPA 525g 5-Line IP Phone | ||
| Cisco SPA 525G2 5-Line IP Phone | ||
| Cisco SPA 901 1-Line IP Phone | ||
| Cisco SPA 922 1-Line IP Phone with 1-Port Ethernet | ||
| Cisco SPA941 4-Line IP Phone | ||
| Cisco SPA942 4-Line IP Phone | ||
| Cisco SPA 962 IP Phone |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-3312?
The severity of CVE-2014-3312 is rated as high due to potential unauthorized access and command execution.
How do I fix CVE-2014-3312?
To fix CVE-2014-3312, ensure that the firmware of affected Cisco Small Business phones is updated to the latest version released by Cisco.
Which devices are affected by CVE-2014-3312?
CVE-2014-3312 affects several Cisco Small Business SPA series phones, including SPA301, SPA303, SPA501G, SPA502G, and others.
What are the risks associated with CVE-2014-3312?
The risks associated with CVE-2014-3312 include local users executing arbitrary debug-shell commands and the ability to read or modify sensitive data.
Can CVE-2014-3312 be exploited remotely?
CVE-2014-3312 requires local access to the device to exploit, making remote exploitation unlikely.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco spa 301 1-line ip phone
- canonical/cisco spa300 series ip phone
- canonical/cisco spa 501g
- canonical/cisco spa 502g 1-line ip phone
- canonical/cisco spa 504g
- canonical/cisco spa500 series ip phone
- canonical/cisco spa 509g 12-line ip phone
- canonical/cisco spa 512g 1-line ip phone
- canonical/cisco spa514g
- canonical/cisco spa 525g 5-line ip phone
- canonical/cisco spa 525g2 5-line ip phone
- canonical/cisco spa 901 1-line ip phone
- canonical/cisco spa 922 1-line ip phone with 1-port ethernet
- canonical/cisco spa941 4-line ip phone
- canonical/cisco spa942 4-line ip phone
- canonical/cisco spa 962 ip phone