Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Spa500_firmware
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 5 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2016-09-12 | CVE-2016-1469 | The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. | Spa300_firmware, Spa500_firmware | 7.5 | ||
| 2017-10-19 | CVE-2017-12271 | A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308. | Spa300_firmware, Spa500_firmware | 8.8 | ||
| 2019-02-25 | CVE-2019-1683 | A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could... | Spa112_firmware, Spa500_firmware, Spa500ds_firmware, Spa500s_firmware, Spa501g_firmware, Spa502g_firmware, Spa504g_firmware, Spa508g_firmware, Spa509g_firmware, Spa512g_firmware, Spa514g_firmware, Spa525_firmware, Spa525g_firmware, Spa5x5_firmware | 7.4 | ||
| 2015-12-15 | CVE-2015-6403 | The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. | Spa300_firmware, Spa500_firmware | N/A | ||
| 2015-03-21 | CVE-2015-0670 | The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. | Spa300_firmware, Spa500_firmware, Spa_301_1_line_ip_phone, Spa_302d, Spa_302dkit, Spa_303_3_line_ip_phone, Spa_501g_8\-Line_ip_phone, Spa_502g_1\-Line_ip_phone, Spa_504g_4\-Line_ip_phone, Spa_508g_8\-Line_ip_phone, Spa_509g_12\-Line_ip_phone, Spa_512g_1\-Line_ip_phone, Spa_514g_4\-Line_ip_phone, Spa_525g2_5\-Line_ip_phone, Spa_525g_5\-Line_ip_phone | N/A |