CVE-2015-0670
- EPSS 0.53%
- Published 21.03.2015 01:59:01
- Last modified 12.04.2025 10:46:40
The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka ...
CVE-2014-3312
- EPSS 0.05%
- Published 09.07.2014 11:07:01
- Last modified 12.04.2025 10:46:40
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct ac...
CVE-2014-3313
- EPSS 0.5%
- Published 09.07.2014 11:07:01
- Last modified 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.
CVE-2011-2545
- EPSS 0.26%
- Published 13.06.2012 20:55:01
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or ...