Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0670


Vulnerability Score 6.4 6.4
CVE Id CVE-2015-0670
Last Modified 27 Mar 2015 09:59:53
Published 20 Mar 2015 09:59:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.

Vulnerable Systems

Operating System

  • Cisco Spa300 Firmware 7.5.5

  • Cisco Spa500 Firmware 7.5.5


CISCO - 20150319 Cisco Small Business SPA300 and SPA500 Series IP Phones Unauthenticated Remote Dial Vulnerability

SECTRACK - 1031969

Last Updated: 27 May 2016 11:08:10