Описание
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.
Ссылки
Уязвимые конфигурации
Конфигурация 1Версия до 7.4.9 (включая)
Одновременно
Одно из
cpe:2.3:a:cisco:small_business_ip_phone_firmware:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.1.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.2.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.3.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*
cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*
cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.8:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:cisco:small_business_ip_phone:spa525g:*:*:*:*:*:*:*
cpe:2.3:h:cisco:small_business_ip_phone:spa525g2:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00274
Низкий
5 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
почти 4 года назад
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.
EPSS
Процентиль: 50%
0.00274
Низкий
5 Medium
CVSS2
Дефекты
CWE-287