What is the severity of CVE-2015-0670?

CVE-2015-0670 is a high-severity vulnerability that allows remote attackers to read audio-stream data and make calls.

How do I fix CVE-2015-0670?

To fix CVE-2015-0670, update the firmware of affected Cisco Small Business IP phones to the latest version.

What are the affected products in CVE-2015-0670?

CVE-2015-0670 affects Cisco Small Business IP phones including SPA 300 and SPA 500 Series running firmware version 7.5.5.

Are there any workarounds for CVE-2015-0670?

While the best solution is to update firmware, disabling remote management can help mitigate the impact of CVE-2015-0670.

Can CVE-2015-0670 be exploited remotely?

Yes, CVE-2015-0670 can be exploited remotely through specially crafted XML requests.

Vulnerability/
CVE-2015-0670

medium

6.4

CWE

287

21/3/2015

22/10/2015

CVE-2015-0670

First published: Sat Mar 21 2015(Updated: )

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco SPA 500 Series IP Phone Firmware	=7.5.5
Cisco SPA 501G
Cisco SPA 502G 1-Line IP Phone
Cisco SPA 504G
Cisco SPA500 series IP phone
Cisco SPA 509g 12-line IP Phone
Cisco SPA 512G 1-line IP Phone
Cisco SPA514G
Cisco SPA 525g 5-Line IP Phone
Cisco SPA 525G2 5-Line IP Phone
Cisco SPA300 Firmware	=7.5.5
Cisco SPA 301 1-line IP Phone
Cisco SPA 302D
Cisco SPA 302d
Cisco SPA300 Series IP Phone

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-0670?
CVE-2015-0670 is a high-severity vulnerability that allows remote attackers to read audio-stream data and make calls.
How do I fix CVE-2015-0670?
To fix CVE-2015-0670, update the firmware of affected Cisco Small Business IP phones to the latest version.
What are the affected products in CVE-2015-0670?
CVE-2015-0670 affects Cisco Small Business IP phones including SPA 300 and SPA 500 Series running firmware version 7.5.5.
Are there any workarounds for CVE-2015-0670?
While the best solution is to update firmware, disabling remote management can help mitigate the impact of CVE-2015-0670.
Can CVE-2015-0670 be exploited remotely?
Yes, CVE-2015-0670 can be exploited remotely through specially crafted XML requests.

agent/references
agent/type
agent/last-modified-date
agent/first-publish-date
agent/severity
agent/weakness
agent/author
agent/description
agent/softwarecombine
agent/tags
agent/event
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco spa 500 series ip phone firmware
version/cisco spa 500 series ip phone firmware/7.5.5
canonical/cisco spa 501g
canonical/cisco spa 502g 1-line ip phone
canonical/cisco spa 504g
canonical/cisco spa500 series ip phone
canonical/cisco spa 509g 12-line ip phone
canonical/cisco spa 512g 1-line ip phone
canonical/cisco spa514g
canonical/cisco spa 525g 5-line ip phone
canonical/cisco spa 525g2 5-line ip phone
canonical/cisco spa300 firmware
version/cisco spa300 firmware/7.5.5
canonical/cisco spa 301 1-line ip phone
canonical/cisco spa 302d
canonical/cisco spa300 series ip phone

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.