Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Snom | 320 Sip Phone | All versions |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/28938
- http://www.gnucitizen.org/projects/router-hacking-challenge/
- http://www.securityfocus.com/archive/1/489009/100/0/threaded
- http://www.securityfocus.com/bid/27767
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40500
- http://secunia.com/advisories/28938
- http://www.gnucitizen.org/projects/router-hacking-challenge/
- http://www.securityfocus.com/archive/1/489009/100/0/threaded
- http://www.securityfocus.com/bid/27767
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40500
FAQ
What is CVE-2008-1250?
CVE-2008-1250 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as d...
How severe is CVE-2008-1250?
CVE-2008-1250 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1250?
Check the references section above for vendor advisories and patch information. Affected products include: Snom 320 Sip Phone.