VYPR

Spa300 Firmware

by Cisco Systems, Inc.

CVEs (6)

  • CVE-2017-12271HigOct 19, 2017
    risk 0.57cvss 8.8epss 0.01

    A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this…

  • CVE-2017-12260HigOct 19, 2017
    risk 0.49cvss 7.5epss 0.02

    A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial…

  • CVE-2017-12219HigSep 21, 2017
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The…

  • CVE-2016-1469HigSep 12, 2016
    risk 0.49cvss 7.5epss 0.03

    The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.

  • CVE-2015-6403Dec 15, 2015
    risk 0.00cvss epss 0.00

    The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.

  • CVE-2015-0670Mar 21, 2015
    risk 0.00cvss epss 0.02

    The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.