Vulnerability Description
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Spa500 Firmware | 7.5.5 |
| Cisco | Spa 501G 8-Line Ip Phone | All versions |
| Cisco | Spa 502G 1-Line Ip Phone | All versions |
| Cisco | Spa 504G 4-Line Ip Phone | All versions |
| Cisco | Spa 508G 8-Line Ip Phone | All versions |
| Cisco | Spa 509G 12-Line Ip Phone | All versions |
| Cisco | Spa 512G 1-Line Ip Phone | All versions |
| Cisco | Spa 514G 4-Line Ip Phone | All versions |
| Cisco | Spa 525G 5-Line Ip Phone | All versions |
| Cisco | Spa 525G2 5-Line Ip Phone | All versions |
| Cisco | Spa300 Firmware | 7.5.5 |
| Cisco | Spa 301 1 Line Ip Phone | All versions |
| Cisco | Spa 302D | All versions |
| Cisco | Spa 302Dkit | All versions |
| Cisco | Spa 303 3 Line Ip Phone | All versions |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37946Vendor Advisory
- http://www.securitytracker.com/id/1031969
- http://tools.cisco.com/security/center/viewAlert.x?alertId=37946Vendor Advisory
- http://www.securitytracker.com/id/1031969
FAQ
What is CVE-2015-0670?
CVE-2015-0670 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or origina...
How severe is CVE-2015-0670?
CVE-2015-0670 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0670?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Spa500 Firmware, Cisco Spa 501G 8-Line Ip Phone, Cisco Spa 502G 1-Line Ip Phone, Cisco Spa 504G 4-Line Ip Phone, Cisco Spa 508G 8-Line Ip Phone.