The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.
2015-03-21T01:59:01.560
2025-04-12T10:46:40.837
Deferred
CVSSv2: 6.4 (MEDIUM)
AV:N/AC:L/Au:N/C:P/I:P/A:N
10.0
4.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | cisco | spa500_firmware | 7.5.5 | Yes |
| Hardware | cisco | spa_501g_8-line_ip_phone | * | Yes |
| Hardware | cisco | spa_502g_1-line_ip_phone | * | Yes |
| Hardware | cisco | spa_504g_4-line_ip_phone | * | Yes |
| Hardware | cisco | spa_508g_8-line_ip_phone | * | Yes |
| Hardware | cisco | spa_509g_12-line_ip_phone | * | Yes |
| Hardware | cisco | spa_512g_1-line_ip_phone | * | Yes |
| Hardware | cisco | spa_514g_4-line_ip_phone | * | Yes |
| Hardware | cisco | spa_525g_5-line_ip_phone | * | Yes |
| Hardware | cisco | spa_525g2_5-line_ip_phone | * | Yes |
| Operating System | cisco | spa300_firmware | 7.5.5 | Yes |
| Hardware | cisco | spa_301_1_line_ip_phone | * | Yes |
| Hardware | cisco | spa_302d | * | Yes |
| Hardware | cisco | spa_302dkit | * | Yes |
| Hardware | cisco | spa_303_3_line_ip_phone | * | Yes |