CVE-2011-2545
Published Jun 13, 2012
Last updated 12 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.
- Source
- ykramarz@cisco.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9409D324-CFAA-4BB3-A1AA-387DB998509F",
"versionEndIncluding": "6.1.10"
},
{
"criteria": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:5.1.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85E358B8-7691-4CB1-923D-FA67BE69DA16"
},
{
"criteria": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:6.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "210E6034-8E01-41E1-8315-C0E4A8C42A64"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa8000_8-port_ip_telephony_gateway:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36A8B70B-0D25-4C61-B4B5-13B5512C0E4B"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa8800_8-port_ip_telephony_gateway_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "688A5A3A-75A0-4DFF-A8D5-FA6B0F28D893",
"versionEndIncluding": "6.1.7"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa8800_ip_telephony_gateway:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B18E4FE1-12E7-47E9-95C7-FA6087C1768E"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "376C0CD0-D3E1-47B6-9F67-85856837C240",
"versionEndIncluding": "5.2.12"
},
{
"criteria": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87B034F5-3374-49EF-906E-F3387DF82EC2"
},
{
"criteria": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5881909-4E84-4056-B4F5-67A8E06BCE71"
},
{
"criteria": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB7A83C6-FF68-44FA-B780-1D379A236E4A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa2102_phone_adapter_with_router:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4677C763-6F98-4325-89E1-51E58CB4A5D8"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26BBA32F-CECB-4130-94E8-E5DF55350C73",
"versionEndIncluding": "5.1.10"
},
{
"criteria": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:3.3.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3DBFBE5-9378-421B-BD19-D7483E319F9B"
},
{
"criteria": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:5.1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7113D1E3-81CF-4803-9C49-46DC226652B8"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa3102_voice_gateway_with_router:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFA43283-2E65-46B1-9C38-3DA53FE4383E"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA07E92F-F3DA-46AC-9873-57D295228DAF",
"versionEndIncluding": "7.4.8"
},
{
"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.3.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5093082F-6C22-414B-922C-965BBD72CD17"
},
{
"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8757A9BF-0600-4FAA-9572-0ABC313B8985"
},
{
"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "492EC486-734A-441B-9D60-DD32C9C00743"
},
{
"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51CD58AE-270D-4D3E-8E16-99F4A20A8332"
},
{
"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E95C5A9-116E-47CC-9F1D-ABF6E8A49B4D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "527E6A1C-A9AE-4AF3-8507-AC2A03924E7E"
},
{
"criteria": "cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD470FF7-2536-4438-8ABD-96CB2C3E75E5"
},
{
"criteria": "cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "84F14F35-FB94-4EC7-B50C-2CA6DD03A703"
},
{
"criteria": "cpe:2.3:h:cisco:spa_508g_8-line_ip_phone:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7FA06FAB-9D59-40AD-8888-767D48B2DBCF"
},
{
"criteria": "cpe:2.3:h:cisco:spa_509g_12-line_ip_phone:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F797658-737B-445F-AF43-E591231F1A64"
},
{
"criteria": "cpe:2.3:h:cisco:spa_512g_1-line_ip_phone:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71D77638-F36D-4FE7-871F-DB985DD82130"
},
{
"criteria": "cpe:2.3:h:cisco:spa_514g_4-line_ip_phone:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A68F5658-F1EE-4AA5-A7E5-4FEAA73C0DA0"
},
{
"criteria": "cpe:2.3:h:cisco:spa_525g_5-line_ip_phone:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CEDD2219-75C0-4E70-9A32-761CAB513C4F"
},
{
"criteria": "cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CC94EC7-F454-4FAD-9E40-474A4D416F60"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]