Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2545

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-2545
Last Modified 14 Jun 2012 12:00:00
Published 13 Jun 2012 04:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2545

Summary

Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.

Vulnerable Systems

Operating System

  • Cisco Spa 500 Series Ip Phone Firmware 7.3.7

  • Cisco Spa 500 Series Ip Phone Firmware 7.4.3

  • Cisco Spa 500 Series Ip Phone Firmware 7.4.4

  • Cisco Spa 500 Series Ip Phone Firmware 7.4.6

  • Cisco Spa 500 Series Ip Phone Firmware 7.4.7

  • Cisco Spa 500 Series Ip Phone Firmware 7.4.8

  • Cisco Spa2102 Phone Adapter With Router Firmware 5.2.10

  • Cisco Spa2102 Phone Adapter With Router Firmware 5.2.12

  • Cisco Spa2102 Phone Adapter With Router Firmware 5.2.3

  • Cisco Spa2102 Phone Adapter With Router Firmware 5.2.5

  • Cisco Spa3102 Voice Gateway With Router Firmware 3.3.6

  • Cisco Spa3102 Voice Gateway With Router Firmware 5.1.10

  • Cisco Spa3102 Voice Gateway With Router Firmware 5.1.7

  • Cisco Spa8000 8-port Ip Telephony Gateway Firmware 5.1.12

  • Cisco Spa8000 8-port Ip Telephony Gateway Firmware 6.1.10

  • Cisco Spa8000 8-port Ip Telephony Gateway Firmware 6.1.3

  • Cisco Spa8800 8-port Ip Telephony Gateway Firmware 6.1.7


References

CONFIRM - http://tools.cisco.com/security/center/viewAlert.x?alertId=26037


Last Updated: 27 May 2016 10:49:38