Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-0333

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.

Published

2012-05-02T10:09:21.847

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-287
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application cisco small_business_ip_phone_firmware ≤ 7.4.9 Yes
Application cisco small_business_ip_phone_firmware 7.1.7 Yes
Application cisco small_business_ip_phone_firmware 7.2.5 Yes
Application cisco small_business_ip_phone_firmware 7.3.5 Yes
Application cisco small_business_ip_phone_firmware 7.4.3 Yes
Application cisco small_business_ip_phone_firmware 7.4.4 Yes
Application cisco small_business_ip_phone_firmware 7.4.5 Yes
Application cisco small_business_ip_phone_firmware 7.4.6 Yes
Application cisco small_business_ip_phone_firmware 7.4.7 Yes
Application cisco small_business_ip_phone_firmware 7.4.8 Yes
Hardware cisco small_business_ip_phone spa525g Yes
Hardware cisco small_business_ip_phone spa525g2 Yes
References