CVE-2015-0670
Cisco Small Business SPA300 and SPA500 IP phones running firmware version 7.5.5 are affected by CVE-2015-0670 due to improper authentication in the default configuration. A crafted XML request can allow an unauthenticated remote attacker to read audio-stream data or originate telephone calls. The...