Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.
References
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 01:34
Type | Values Removed | Values Added |
---|---|---|
References | () http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf - | |
References | () http://www.securitytracker.com/id?1027012 - |
Information
Published : 2012-05-02 10:09
Updated : 2024-11-21 01:34
NVD link : CVE-2012-0333
Mitre link : CVE-2012-0333
CVE.ORG link : CVE-2012-0333
JSON object : View
Products Affected
cisco
- small_business_ip_phone
- small_business_ip_phone_firmware
CWE
CWE-287
Improper Authentication