PT-2017-12446 · Cisco · Cisco Spa500 Series Ip Phones+1
Published
2017-10-19
·
Updated
2023-06-27
·
CVE-2017-12271
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco SPA300 and SPA500 Series IP Phones (affected versions not specified)
Description
A lack of cross-site request forgery (CSRF) protection in the Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. This can be achieved by tricking the user of a web application into executing an adverse action.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Spa300 Series Ip Phones
Cisco Spa500 Series Ip Phones