Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0670

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2015-0670
Last Modified 27 Mar 2015 09:59:53
Published 20 Mar 2015 09:59:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0670

Summary

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.

Vulnerable Systems

Operating System

  • Cisco Spa300 Firmware 7.5.5

  • Cisco Spa500 Firmware 7.5.5


References

CISCO - 20150319 Cisco Small Business SPA300 and SPA500 Series IP Phones Unauthenticated Remote Dial Vulnerability

SECTRACK - 1031969


Last Updated: 27 May 2016 11:08:10