CVE-2011-2545 — MEDIUM (4.3)

Q: How severe is CVE-2011-2545?

CVE-2011-2545 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-2545?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Spa8000 8-Port Ip Telephony Gateway Firmware, Cisco Spa8000 8-Port Ip Telephony Gateway, Cisco Spa8800 8-Port Ip Telephony Gateway Firmware, Cisco Spa8800 Ip Telephony Gateway, Cisco Spa2102 Phone Adapter With Router Firmware.

Vulnerability Description

Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Spa8000 8-Port Ip Telephony Gateway Firmware	<= 6.1.10
Cisco	Spa8000 8-Port Ip Telephony Gateway	-
Cisco	Spa8800 8-Port Ip Telephony Gateway Firmware	<= 6.1.7
Cisco	Spa8800 Ip Telephony Gateway	-
Cisco	Spa2102 Phone Adapter With Router Firmware	<= 5.2.12
Cisco	Spa2102 Phone Adapter With Router	-
Cisco	Spa3102 Voice Gateway With Router Firmware	<= 5.1.10
Cisco	Spa3102 Voice Gateway With Router	-
Cisco	Spa 500 Series Ip Phone Firmware	<= 7.4.8
Cisco	Spa 501G 8-Line Ip Phone	All versions
Cisco	Spa 502G 1-Line Ip Phone	All versions
Cisco	Spa 504G 4-Line Ip Phone	All versions
Cisco	Spa 508G 8-Line Ip Phone	All versions
Cisco	Spa 509G 12-Line Ip Phone	All versions
Cisco	Spa 512G 1-Line Ip Phone	All versions
Cisco	Spa 514G 4-Line Ip Phone	All versions
Cisco	Spa 525G 5-Line Ip Phone	All versions
Cisco	Spa 525G2 5-Line Ip Phone	All versions

Related Weaknesses (CWE)

CWE-79

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=26037Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=26037Vendor Advisory

FAQ

What is CVE-2011-2545?

CVE-2011-2545 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows r...

How severe is CVE-2011-2545?

CVE-2011-2545 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-2545?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Spa8000 8-Port Ip Telephony Gateway Firmware, Cisco Spa8000 8-Port Ip Telephony Gateway, Cisco Spa8800 8-Port Ip Telephony Gateway Firmware, Cisco Spa8800 Ip Telephony Gateway, Cisco Spa2102 Phone Adapter With Router Firmware.