VYPR
← All advisories
Unrated severityNVD Advisory· Published May 2, 2012· Updated Apr 29, 2026

CVE-2012-0333

CVE-2012-0333

Description

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.

Affected products

12
  • Cisco Systems, Inc./Small Business Ip Phone Firmware10 versions
    cpe:2.3:a:cisco:small_business_ip_phone_firmware:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:cisco:small_business_ip_phone_firmware:*:*:*:*:*:*:*:*range: <=7.4.9
    • cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.8:*:*:*:*:*:*:*
  • Cisco Systems, Inc./Small Business Ip Phone2 versions
    cpe:2.3:h:cisco:small_business_ip_phone:spa525g:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:h:cisco:small_business_ip_phone:spa525g:*:*:*:*:*:*:*
    • cpe:2.3:h:cisco:small_business_ip_phone:spa525g2:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.