CVE-2015-0670

Currently unrated

Key Information:

Vendor: Cisco
Status: Spa500 Firmware; Spa 501g 8-line Ip Phone; Spa 502g 1-line Ip Phone; Spa 504g 4-line Ip Phone
Vendor: CVE Published:; 21 March 2015

Summary

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.

References

http://www.securitytracker.com/id/1031969

vdb-entryx_refsource_SECTRACK

http://tools.cisco.com/security/center/viewAlert.x?alertI...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Mar 21, 2015
Vulnerability Reserved
Jan 7, 2015