Unauthenticated Remote Access Vulnerability in Cisco Small Business IP Phones
CVE-2015-0670

Currently unrated

Key Information:

Vendor
Cisco
Status
Spa500 Firmware
Spa 501g 8-line Ip Phone
Spa 502g 1-line Ip Phone
Spa 504g 4-line Ip Phone
Vendor
CVE Published:
21 March 2015

Summary

The default configuration of Cisco Small Business IP phones from the SPA 300 and SPA 500 series is susceptible to an unauthenticated remote access vulnerability. This flaw allows attackers to intercept audio-stream data or initiate telephone calls by sending a specially crafted XML request, exposing sensitive communication and potentially facilitating unauthorized operations.

References

http://www.securitytracker.com/id/1031969
vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/viewAlert.x?alertI...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.