CVE-2011-2545

{"id": "CVE-2011-2545", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2012-06-13T20:55:01.707", "references": [{"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=26037", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la implementaci\u00f3n de SIP de Cisco SPA8000 y SPA8800 anteriores a 6.1.11, SPA2102 y SPA3102 anteriores a 5.2.13, y SPA 500 series IP phones anteriores a 7.4.9. Permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del campo FROM de un mensaje INVITE. Tambi\u00e9n conocido como Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, y CSCtr14715."}], "lastModified": "2012-06-14T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9409D324-CFAA-4BB3-A1AA-387DB998509F", "versionEndIncluding": "6.1.10"}, {"criteria": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:5.1.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85E358B8-7691-4CB1-923D-FA67BE69DA16"}, {"criteria": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:6.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "210E6034-8E01-41E1-8315-C0E4A8C42A64"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa8000_8-port_ip_telephony_gateway:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36A8B70B-0D25-4C61-B4B5-13B5512C0E4B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa8800_8-port_ip_telephony_gateway_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "688A5A3A-75A0-4DFF-A8D5-FA6B0F28D893", "versionEndIncluding": "6.1.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa8800_ip_telephony_gateway:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B18E4FE1-12E7-47E9-95C7-FA6087C1768E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "376C0CD0-D3E1-47B6-9F67-85856837C240", "versionEndIncluding": "5.2.12"}, {"criteria": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87B034F5-3374-49EF-906E-F3387DF82EC2"}, {"criteria": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5881909-4E84-4056-B4F5-67A8E06BCE71"}, {"criteria": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB7A83C6-FF68-44FA-B780-1D379A236E4A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa2102_phone_adapter_with_router:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4677C763-6F98-4325-89E1-51E58CB4A5D8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26BBA32F-CECB-4130-94E8-E5DF55350C73", "versionEndIncluding": "5.1.10"}, {"criteria": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:3.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3DBFBE5-9378-421B-BD19-D7483E319F9B"}, {"criteria": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:5.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7113D1E3-81CF-4803-9C49-46DC226652B8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa3102_voice_gateway_with_router:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFA43283-2E65-46B1-9C38-3DA53FE4383E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA07E92F-F3DA-46AC-9873-57D295228DAF", "versionEndIncluding": "7.4.8"}, {"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5093082F-6C22-414B-922C-965BBD72CD17"}, {"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8757A9BF-0600-4FAA-9572-0ABC313B8985"}, {"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "492EC486-734A-441B-9D60-DD32C9C00743"}, {"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51CD58AE-270D-4D3E-8E16-99F4A20A8332"}, {"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E95C5A9-116E-47CC-9F1D-ABF6E8A49B4D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "527E6A1C-A9AE-4AF3-8507-AC2A03924E7E"}, {"criteria": "cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CD470FF7-2536-4438-8ABD-96CB2C3E75E5"}, {"criteria": "cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84F14F35-FB94-4EC7-B50C-2CA6DD03A703"}, {"criteria": "cpe:2.3:h:cisco:spa_508g_8-line_ip_phone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FA06FAB-9D59-40AD-8888-767D48B2DBCF"}, {"criteria": "cpe:2.3:h:cisco:spa_509g_12-line_ip_phone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F797658-737B-445F-AF43-E591231F1A64"}, {"criteria": "cpe:2.3:h:cisco:spa_512g_1-line_ip_phone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71D77638-F36D-4FE7-871F-DB985DD82130"}, {"criteria": "cpe:2.3:h:cisco:spa_514g_4-line_ip_phone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A68F5658-F1EE-4AA5-A7E5-4FEAA73C0DA0"}, {"criteria": "cpe:2.3:h:cisco:spa_525g_5-line_ip_phone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEDD2219-75C0-4E70-9A32-761CAB513C4F"}, {"criteria": "cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CC94EC7-F454-4FAD-9E40-474A4D416F60"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}