PT-2015-4797 · Cisco · Cisco Small Business Ip Phones Spa 500+1

Publicado

2015-03-21

Atualizado

2015-10-22

CVE-2015-0670

CVSS v2.0

6.4

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cisco Small Business IP phones SPA 300 version 7.5.5 Cisco Small Business IP phones SPA 500 version 7.5.5

Description The default configuration of the affected devices does not properly support authentication. This allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request.

Recommendations For Cisco Small Business IP phones SPA 300 version 7.5.5, update the configuration to properly support authentication. For Cisco Small Business IP phones SPA 500 version 7.5.5, update the configuration to properly support authentication.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2015-0670

Produtos afetados

Cisco Small Business Ip Phones Spa 300

Cisco Small Business Ip Phones Spa 500

PT-2015-4797 · Cisco · Cisco Small Business Ip Phones Spa 500+1

CVE-2015-0670

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3