CVE-2012-0333

Published May 2, 2012

Last updated a month ago

CVSS info 5.0

Overview

Description: Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.
Source: psirt@cisco.com
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-287

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CEF7FB2-AA04-4793-84C9-F81A66B7472B",
            "versionEndIncluding": "7.4.9"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "741E1BF8-B26F-4D31-8116-DB304DF4A43D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77069CBA-79FB-437B-9F32-5511B8079AFB"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0575BEB0-5200-4B41-B9DB-6EA096DE83BC"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE775598-05F9-4941-A58B-1B2B1A326C29"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F6479487-5C22-4E2B-9B96-24D30F1003EF"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8EF6458-3D74-47A1-9F43-5BB2E6338DF1"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "930DDF42-0C68-4DD2-A9BC-90154215FB7D"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D28D344-6271-4771-922F-0FE372B38EA0"
          },
          {
            "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B223DBD-4ACF-42EA-8C65-1F4EDE0FE8AF"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:cisco:small_business_ip_phone:spa525g:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBB7F10E-753A-4203-BEE0-9A51C36323A2"
          },
          {
            "criteria": "cpe:2.3:h:cisco:small_business_ip_phone:spa525g2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1BDE56A-B57E-4B0D-B5D9-416D62B6EB57"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References