CVE-2015-0670
First published: Sat Mar 21 2015(Updated: )
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Spa500 Firmware | =7.5.5 | |
| Cisco Spa 501g 8-line Ip Phone | ||
| Cisco Spa 502g 1-line Ip Phone | ||
| Cisco Spa 504g 4-line Ip Phone | ||
| Cisco Spa 508g 8-line Ip Phone | ||
| Cisco Spa 509g 12-line Ip Phone | ||
| Cisco Spa 512g 1-line Ip Phone | ||
| Cisco Spa 514g 4-line Ip Phone | ||
| Cisco Spa 525g 5-line Ip Phone | ||
| Cisco Spa 525g2 5-line Ip Phone | ||
| Cisco Spa300 Firmware | =7.5.5 | |
| Cisco Spa 301 1 Line Ip Phone | ||
| Cisco Spa 302d | ||
| Cisco Spa 302dkit | ||
| Cisco Spa 303 3 Line Ip Phone |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/cisco
- canonical/cisco spa500 firmware
- version/cisco spa500 firmware/7.5.5
- canonical/cisco spa 501g 8-line ip phone
- canonical/cisco spa 502g 1-line ip phone
- canonical/cisco spa 504g 4-line ip phone
- canonical/cisco spa 508g 8-line ip phone
- canonical/cisco spa 509g 12-line ip phone
- canonical/cisco spa 512g 1-line ip phone
- canonical/cisco spa 514g 4-line ip phone
- canonical/cisco spa 525g 5-line ip phone
- canonical/cisco spa 525g2 5-line ip phone
- canonical/cisco spa300 firmware
- version/cisco spa300 firmware/7.5.5
- canonical/cisco spa 301 1 line ip phone
- canonical/cisco spa 302d
- canonical/cisco spa 302dkit
- canonical/cisco spa 303 3 line ip phone