PT-2015-4797 · Cisco · Cisco Small Business Ip Phones Spa 500+1

Published

2015-03-21

Updated

2015-10-22

CVE-2015-0670

CVSS v2.0

6.4

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Cisco Small Business IP phones SPA 300 version 7.5.5 Cisco Small Business IP phones SPA 500 version 7.5.5

Description The default configuration of the affected devices does not properly support authentication. This allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request.

Recommendations For Cisco Small Business IP phones SPA 300 version 7.5.5, update the configuration to properly support authentication. For Cisco Small Business IP phones SPA 500 version 7.5.5, update the configuration to properly support authentication.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2015-0670

Affected Products

Cisco Small Business Ip Phones Spa 300

Cisco Small Business Ip Phones Spa 500

PT-2015-4797 · Cisco · Cisco Small Business Ip Phones Spa 500+1

CVE-2015-0670

Weakness Enumeration

Related Identifiers

Affected Products

References · 3