Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Filtered by product Spa500 Firmware
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-1683 1 Cisco 28 Spa112, Spa112 Firmware, Spa500 and 25 more 2024-02-04 5.8 MEDIUM 7.4 HIGH
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.
CVE-2017-12271 1 Cisco 4 Spa300 Firmware, Spa300 Series Ip Phone, Spa500 Firmware and 1 more 2024-02-04 6.8 MEDIUM 8.8 HIGH
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308.
CVE-2015-6403 1 Cisco 14 Spa300 Firmware, Spa500 Firmware, Spa 301 and 11 more 2024-02-04 7.2 HIGH N/A
The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.
CVE-2016-1469 1 Cisco 4 Spa300 Firmware, Spa300 Series Ip Phone, Spa500 Firmware and 1 more 2024-02-04 7.8 HIGH 7.5 HIGH
The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.
CVE-2015-0670 1 Cisco 15 Spa300 Firmware, Spa500 Firmware, Spa 301 1 Line Ip Phone and 12 more 2024-02-04 6.4 MEDIUM N/A
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.