Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Spa525_firmware
(Cisco)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 3 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-08-03 | CVE-2023-20181 | A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the... | Spa500ds_firmware, Spa500s_firmware, Spa501g_firmware, Spa502g_firmware, Spa504g_firmware, Spa508g_firmware, Spa509g_firmware, Spa512g_firmware, Spa514g_firmware, Spa525_firmware, Spa525g2_firmware, Spa525g_firmware | 6.1 | ||
| 2023-08-03 | CVE-2023-20218 | A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to... | Spa500ds_firmware, Spa500s_firmware, Spa501g_firmware, Spa502g_firmware, Spa504g_firmware, Spa508g_firmware, Spa509g_firmware, Spa512g_firmware, Spa514g_firmware, Spa525_firmware, Spa525g2_firmware, Spa525g_firmware | 6.1 | ||
| 2019-02-25 | CVE-2019-1683 | A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could... | Spa112_firmware, Spa500_firmware, Spa500ds_firmware, Spa500s_firmware, Spa501g_firmware, Spa502g_firmware, Spa504g_firmware, Spa508g_firmware, Spa509g_firmware, Spa512g_firmware, Spa514g_firmware, Spa525_firmware, Spa525g_firmware, Spa5x5_firmware | 7.4 |