Authentication Flaw in Cisco Small Business SPA300 and SPA500 Phones
CVE-2014-3312

Currently unrated

Key Information:

Vendor: Cisco
Status: Spa 512g 1-line Ip Phone; Spa941 4-line Ip Phone With 1-port Ethernet; Spa 504g 4-line Ip Phone; Spa 525g 5-line Ip Phone
Vendor: CVE Published:; 9 July 2014

Summary

The debug console interface on Cisco Small Business SPA300 and SPA500 phones is susceptible to an authentication bypass. This flaw permits local users to execute arbitrary debug-shell commands or access sensitive memory or filesystem data by directly interacting with the interface. This exposure could potentially lead to unauthorized actions and serious implications for device security.

References

http://www.securitytracker.com/id/1030552

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

https://exchange.xforce.ibmcloud.com/vulnerabilities/94421

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jul 9, 2014
Vulnerability Reserved
May 7, 2014