CVE-2012-0333

Cisco SPA 500 - RCE

Title source: llm

Description

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.

References (2)

[Release Notes] http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1027012

Scores

EPSS 0.0027

EPSS Percentile 50.5%

Classification

CWE

CWE-287

Status draft

Affected Products (12)

cisco/small_business_ip_phone_firmware < 7.4.9

cisco/small_business_ip_phone_firmware

cisco/small_business_ip_phone

Timeline

Published May 02, 2012

Tracked Since Feb 18, 2026