CVE-2015-0670

Cisco Small Business IP Phones SPA 300/500 7.5.5 - Unauthenticated Remote Audio Stream Access

Title source: llm
STIX 2.1

Description

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031969
Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=37946

Scores

EPSS 0.0176
EPSS Percentile 75.2%

Details

CWE
CWE-287
Status published
Products (15)
cisco/spa300_firmware 7.5.5
cisco/spa500_firmware 7.5.5
cisco/spa_301_1_line_ip_phone
cisco/spa_302d
cisco/spa_302dkit
cisco/spa_303_3_line_ip_phone
cisco/spa_501g_8-line_ip_phone
cisco/spa_502g_1-line_ip_phone
cisco/spa_504g_4-line_ip_phone
cisco/spa_508g_8-line_ip_phone
... and 5 more
Published Mar 21, 2015
Tracked Since Feb 18, 2026