CVE-2012-0333

Published May 2, 2012

Last updated 12 years ago

Overview

Description: Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.
Source: ykramarz@cisco.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CEF7FB2-AA04-4793-84C9-F81A66B7472B",
            "versionEndIncluding": "7.4.9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "741E1BF8-B26F-4D31-8116-DB304DF4A43D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77069CBA-79FB-437B-9F32-5511B8079AFB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0575BEB0-5200-4B41-B9DB-6EA096DE83BC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE775598-05F9-4941-A58B-1B2B1A326C29"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6479487-5C22-4E2B-9B96-24D30F1003EF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8EF6458-3D74-47A1-9F43-5BB2E6338DF1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "930DDF42-0C68-4DD2-A9BC-90154215FB7D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D28D344-6271-4771-922F-0FE372B38EA0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B223DBD-4ACF-42EA-8C65-1F4EDE0FE8AF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:small_business_ip_phone:spa525g:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBB7F10E-753A-4203-BEE0-9A51C36323A2"
          },
          {
            "criteria": "cpe:2.3:h:cisco:small_business_ip_phone:spa525g2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1BDE56A-B57E-4B0D-B5D9-416D62B6EB57"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References