CVE-2015-0670

Published: 21/03/2015 Updated: 22/10/2015

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote malicious users to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco spa500 firmware 7.5.5
cisco spa 501g 8-line ip phone
cisco spa 502g 1-line ip phone
cisco spa 504g 4-line ip phone
cisco spa 508g 8-line ip phone
cisco spa 509g 12-line ip phone
cisco spa 512g 1-line ip phone
cisco spa 514g 4-line ip phone
cisco spa 525g 5-line ip phone
cisco spa 525g2 5-line ip phone
cisco spa300 firmware 7.5.5
cisco spa 301 1 line ip phone
cisco spa 302d
cisco spa 302dkit
cisco spa 303 3 line ip phone

CREEPS rejoice: Small biz Cisco phones open to eavesdrop 0-day

The Register • Darren Pauli • 23 Mar 2015

Open phones may crop up on Shodan

Creeps can listen in to conversations placed over vulnerable Cisco small business phones. Remote eavesdropping requires a crafted XML request be sent to the Borg's SPA 300 and 500 IP phones. Cisco warns version 7.5.5 of the software powering the phones is vulnerable, possibly along with more recent iterations. "An unauthenticated, remote attacker could exploit this vulnerability to listen to a remote audio stream from an affected device or to gain access to make phone calls remotely," it says in...

CVE-2015-0670

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect