Lucene search

[email protected]CVE-2012-0333

HistoryMay 02, 2012 - 10:09 a.m.

CVE-2012-0333

2012-05-0210:09:21

CWE-287

[email protected]

web.nvd.nist.gov

cisco

ip phones

spa 500 series

authentication bypass

remote attack

xml

cve-2012-0333

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.8%

JSON

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.

Affected configurations

NVD

Node

ciscosmall_business_ip_phone_firmwareRange≤7.4.9

ciscosmall_business_ip_phone_firmwareMatch7.1.7

ciscosmall_business_ip_phone_firmwareMatch7.2.5

ciscosmall_business_ip_phone_firmwareMatch7.3.5

ciscosmall_business_ip_phone_firmwareMatch7.4.3

ciscosmall_business_ip_phone_firmwareMatch7.4.4

ciscosmall_business_ip_phone_firmwareMatch7.4.5

ciscosmall_business_ip_phone_firmwareMatch7.4.6

ciscosmall_business_ip_phone_firmwareMatch7.4.7

ciscosmall_business_ip_phone_firmwareMatch7.4.8

AND

ciscosmall_business_ip_phoneMatchspa525g

ciscosmall_business_ip_phoneMatchspa525g2

CPENameOperatorVersion
cisco:small_business_ip_phone_firmwarecisco small business ip phone firmwarele7.4.9
cisco:small_business_ip_phone_firmwarecisco small business ip phone firmwareeq7.1.7
cisco:small_business_ip_phone_firmwarecisco small business ip phone firmwareeq7.2.5
cisco:small_business_ip_phone_firmwarecisco small business ip phone firmwareeq7.3.5
cisco:small_business_ip_phone_firmwarecisco small business ip phone firmwareeq7.4.3
cisco:small_business_ip_phone_firmwarecisco small business ip phone firmwareeq7.4.4
cisco:small_business_ip_phone_firmwarecisco small business ip phone firmwareeq7.4.5
cisco:small_business_ip_phone_firmwarecisco small business ip phone firmwareeq7.4.6
cisco:small_business_ip_phone_firmwarecisco small business ip phone firmwareeq7.4.7
cisco:small_business_ip_phone_firmwarecisco small business ip phone firmwareeq7.4.8

CPE	Name	Operator	Version
cisco:small_business_ip_phone_firmware	cisco small business ip phone firmware	le	7.4.9
cisco:small_business_ip_phone_firmware	cisco small business ip phone firmware	eq	7.1.7
cisco:small_business_ip_phone_firmware	cisco small business ip phone firmware	eq	7.2.5
cisco:small_business_ip_phone_firmware	cisco small business ip phone firmware	eq	7.3.5
cisco:small_business_ip_phone_firmware	cisco small business ip phone firmware	eq	7.4.3
cisco:small_business_ip_phone_firmware	cisco small business ip phone firmware	eq	7.4.4
cisco:small_business_ip_phone_firmware	cisco small business ip phone firmware	eq	7.4.5
cisco:small_business_ip_phone_firmware	cisco small business ip phone firmware	eq	7.4.6
cisco:small_business_ip_phone_firmware	cisco small business ip phone firmware	eq	7.4.7
cisco:small_business_ip_phone_firmware	cisco small business ip phone firmware	eq	7.4.8

Rows per page:

1-10 of 121

References

www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf

www.securitytracker.com/id?1027012

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.3 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.8%

JSON

Related for CVE-2012-0333

nvd1 prion1 cvelist1