CVE-2014-3312
Cisco Small Business SPA300 and SPA500 IP Phones - Unauthenticated Debug Console Access
Title source: llmDescription
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030552
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3312
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/94421
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68465
Scores
EPSS
0.0037
EPSS Percentile
28.6%
Details
CWE
CWE-287
Status
published
Products (16)
cisco/spa901_1-line_ip_phone
cisco/spa922_1-line_ip_phone_with_1-port_ethernet
cisco/spa941_4-line_ip_phone_with_1-port_ethernet
cisco/spa942_4-line_ip_phone_with_2-port_switch
cisco/spa962_6-line_ip_phone_with_2-port_switch
cisco/spa_301_1_line_ip_phone
cisco/spa_303_3_line_ip_phone
cisco/spa_501g_8-line_ip_phone
cisco/spa_502g_1-line_ip_phone
cisco/spa_504g_4-line_ip_phone
... and 6 more
Published
Jul 09, 2014
Tracked Since
Feb 18, 2026