CVE-2014-3312

Currently unrated

Key Information:

Vendor: Cisco
Status: Spa 512g 1-line Ip Phone; Spa941 4-line Ip Phone With 1-port Ethernet; Spa 504g 4-line Ip Phone; Spa 525g 5-line Ip Phone
Vendor: CVE Published:; 9 July 2014

Summary

The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.

References

http://www.securitytracker.com/id/1030552

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/94421

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jul 9, 2014
Vulnerability Reserved
May 7, 2014