Lucene search
HistoryMar 21, 2015 - 1:59 a.m.
CVE-2015-0670
cisco
small business
ip phones
spa 300
spa 500
authentication bypass
bug id cscuo52482
cve-2015-0670
nvd
6.8 Medium
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
71.5%
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.
Affected configurations
Node
ciscospa500_firmwareMatch7.5.5
ciscospa_501g_8-line_ip_phone
ORciscospa_502g_1-line_ip_phone
ORciscospa_504g_4-line_ip_phone
ORciscospa_508g_8-line_ip_phone
ORciscospa_509g_12-line_ip_phone
ORciscospa_512g_1-line_ip_phone
ORciscospa_514g_4-line_ip_phone
ORciscospa_525g_5-line_ip_phone
ORciscospa_525g2_5-line_ip_phone
Node
ciscospa300_firmwareMatch7.5.5
ciscospa_301_1_line_ip_phone
ORciscospa_302d
ORciscospa_302dkit
ORciscospa_303_3_line_ip_phone
Related
cisco
cisco
cvelist
cvelist
CVE-2015-0670
2015-03-21 01:00:00
nvd
nvd
CVE-2015-0670
2015-03-21 01:59:01
prion
prion
Default configuration
2015-03-21 01:59:00
thn
thn
Cisco IP Phones Vulnerable To Remote Eavesdropping
2015-03-23 06:18:00
6.8 Medium
AI Score
Confidence
Low
6.4 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
71.5%
Related for CVE-2015-0670