Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3312

The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.

Published

2014-07-09T11:07:01.493

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.4

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-287
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Hardware cisco spa_301_1_line_ip_phone * Yes
Hardware cisco spa_303_3_line_ip_phone * Yes
Hardware cisco spa_501g_8-line_ip_phone * Yes
Hardware cisco spa_502g_1-line_ip_phone * Yes
Hardware cisco spa_504g_4-line_ip_phone * Yes
Hardware cisco spa_508g_8-line_ip_phone * Yes
Hardware cisco spa_509g_12-line_ip_phone * Yes
Hardware cisco spa_512g_1-line_ip_phone * Yes
Hardware cisco spa_514g_4-line_ip_phone * Yes
Hardware cisco spa_525g_5-line_ip_phone * Yes
Hardware cisco spa_525g2_5-line_ip_phone * Yes
Hardware cisco spa901_1-line_ip_phone * Yes
Hardware cisco spa922_1-line_ip_phone_with_1-port_ethernet * Yes
Hardware cisco spa941_4-line_ip_phone_with_1-port_ethernet * Yes
Hardware cisco spa942_4-line_ip_phone_with_2-port_switch * Yes
Hardware cisco spa962_6-line_ip_phone_with_2-port_switch * Yes
References