Cross-Site Scripting Vulnerability in Cisco Small Business Phones
CVE-2014-3313

Currently unrated

Key Information:

Vendor

Cisco
Status
Spa 512g 1-line Ip Phone
Spa941 4-line Ip Phone With 1-port Ethernet
Spa 504g 4-line Ip Phone
Spa 525g 5-line Ip Phone
Vendor
CVE Published:
9 July 2014

What is CVE-2014-3313?

A cross-site scripting (XSS) vulnerability exists in the web user interface of Cisco Small Business SPA300 and SPA500 series phones. This vulnerability enables remote attackers to inject arbitrary script or HTML content into affected devices through a specially crafted URL. If exploited, this flaw can lead to unauthorized actions performed on behalf of users accessing the UI of these phones.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1030553
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/68464
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.