Authentication Flaw in Cisco Small Business SPA300 and SPA500 Phones
CVE-2014-3312

Currently unrated

Key Information:

Vendor

Cisco
Status
Spa 512g 1-line Ip Phone
Spa941 4-line Ip Phone With 1-port Ethernet
Spa 504g 4-line Ip Phone
Spa 525g 5-line Ip Phone
Vendor
CVE Published:
9 July 2014

What is CVE-2014-3312?

The debug console interface on Cisco Small Business SPA300 and SPA500 phones is susceptible to an authentication bypass. This flaw permits local users to execute arbitrary debug-shell commands or access sensitive memory or filesystem data by directly interacting with the interface. This exposure could potentially lead to unauthorized actions and serious implications for device security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securitytracker.com/id/1030552
vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
https://exchange.xforce.ibmcloud.com/vulnerabilities/94421
vdb-entryx_refsource_XF

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.