PT-2012-2508 · Cisco · Cisco Small Business Ip Phones

Published

2012-05-02

Updated

2012-10-30

CVE-2012-0333

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cisco Small Business IP phones with SPA 500 series firmware versions 7.4.9 and earlier

Description The issue allows remote attackers to make unauthorized telephone calls by sending an XML document, as no authentication is required for Push XML requests.

Recommendations For versions 7.4.9 and earlier, consider disabling the Push XML request feature until a patch is available to require proper authentication for such requests.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2012-0333

Affected Products

Cisco Small Business Ip Phones

PT-2012-2508 · Cisco · Cisco Small Business Ip Phones

CVE-2012-0333

Weakness Enumeration

Related Identifiers

Affected Products

References · 3