CVE-2017-12271
- EPSS 0.28%
- Veröffentlicht 19.10.2017 08:29:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An atta...
CVE-2016-1469
- EPSS 1.61%
- Veröffentlicht 12.09.2016 01:59:00
- Zuletzt bearbeitet 12.04.2025 10:46:40
The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.
CVE-2015-6403
- EPSS 0.09%
- Veröffentlicht 15.12.2015 05:59:04
- Zuletzt bearbeitet 12.04.2025 10:46:40
The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400.
CVE-2015-0670
- EPSS 0.53%
- Veröffentlicht 21.03.2015 01:59:01
- Zuletzt bearbeitet 12.04.2025 10:46:40
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka ...