CVE-2012-0333 — MEDIUM (5.0)

Q: How severe is CVE-2012-0333?

CVE-2012-0333 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2012-0333?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Small Business Ip Phone Firmware, Cisco Small Business Ip Phone.

Vulnerability Description

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Small Business Ip Phone Firmware	<= 7.4.9
Cisco	Small Business Ip Phone	spa525g

Related Weaknesses (CWE)

CWE-287

References

FAQ

What is CVE-2012-0333?

CVE-2012-0333 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML docu...

How severe is CVE-2012-0333?

CVE-2012-0333 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2012-0333?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Small Business Ip Phone Firmware, Cisco Small Business Ip Phone.