CVE-2012-0333

Cisco Small Business IP Phone Firmware < 7.4.9 - Unauthenticated Push XML Request Handling

Title source: llm

Description

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.

References (2)

Core 2

Core References

Release Notes x_refsource_confirm

http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id?1027012

Scores

EPSS 0.0108

EPSS Percentile 61.0%

Details

CWE

CWE-287

Status published

Products (12)

cisco/small_business_ip_phone spa525g

cisco/small_business_ip_phone spa525g2

cisco/small_business_ip_phone_firmware 7.1.7

cisco/small_business_ip_phone_firmware 7.2.5

cisco/small_business_ip_phone_firmware 7.3.5

cisco/small_business_ip_phone_firmware 7.4.3

cisco/small_business_ip_phone_firmware 7.4.4

cisco/small_business_ip_phone_firmware 7.4.5

cisco/small_business_ip_phone_firmware 7.4.6

cisco/small_business_ip_phone_firmware 7.4.7

... and 2 more

Published May 02, 2012

Tracked Since Feb 18, 2026