Spa300 Firmware
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12271 | Hig | 0.57 | 8.8 | 0.01 | Oct 19, 2017 | A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this… | ||
| CVE-2017-12260 | Hig | 0.49 | 7.5 | 0.02 | Oct 19, 2017 | A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial… | ||
| CVE-2017-12219 | Hig | 0.49 | 7.5 | 0.03 | Sep 21, 2017 | A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The… | ||
| CVE-2016-1469 | Hig | 0.49 | 7.5 | 0.03 | Sep 12, 2016 | The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. | ||
| CVE-2015-6403 | 0.00 | — | 0.00 | Dec 15, 2015 | The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. | |||
| CVE-2015-0670 | 0.00 | — | 0.02 | Mar 21, 2015 | The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. |
- risk 0.57cvss 8.8epss 0.01
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this…
- risk 0.49cvss 7.5epss 0.02
A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial…
- risk 0.49cvss 7.5epss 0.03
A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The…
- risk 0.49cvss 7.5epss 0.03
The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.
- CVE-2015-6403Dec 15, 2015risk 0.00cvss —epss 0.00
The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.
- CVE-2015-0670Mar 21, 2015risk 0.00cvss —epss 0.02
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.