PT-2012-2508 · Cisco · Cisco Small Business Ip Phones
Publicado
2012-05-02
·
Atualizado
2012-10-30
·
CVE-2012-0333
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Small Business IP phones with SPA 500 series firmware versions 7.4.9 and earlier
Description
The issue allows remote attackers to make unauthorized telephone calls by sending an XML document, as no authentication is required for Push XML requests.
Recommendations
For versions 7.4.9 and earlier, consider disabling the Push XML request feature until a patch is available to require proper authentication for such requests.
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cisco Small Business Ip Phones