Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Filtered by product Spa 301 1 Line Ip Phone
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0670 1 Cisco 15 Spa300 Firmware, Spa500 Firmware, Spa 301 1 Line Ip Phone and 12 more 2024-11-21 6.4 MEDIUM N/A
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.
CVE-2014-3313 1 Cisco 16 Spa901 1-line Ip Phone, Spa922 1-line Ip Phone With 1-port Ethernet, Spa941 4-line Ip Phone With 1-port Ethernet and 13 more 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.
CVE-2014-3312 1 Cisco 16 Spa901 1-line Ip Phone, Spa922 1-line Ip Phone With 1-port Ethernet, Spa941 4-line Ip Phone With 1-port Ethernet and 13 more 2024-11-21 6.9 MEDIUM N/A
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
CVE-2024-20450 1 Cisco 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more 2024-08-23 N/A 9.8 CRITICAL
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.
CVE-2024-20451 1 Cisco 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more 2024-08-23 N/A 7.5 HIGH
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the remote interface of an affected device. A successful exploit could allow the attacker to cause a DoS condition on the device.
CVE-2024-20454 1 Cisco 22 Spa 301 1 Line Ip Phone, Spa 301 Firmware, Spa 303 3 Line Ip Phone and 19 more 2024-08-23 N/A 9.8 CRITICAL
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP packets are not properly checked for errors, which could result in a buffer overflow. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to overflow an internal buffer and execute arbitrary commands at the root privilege level.