CVSS: 7.4EPSS: 0%CPEs: 28EXPL: 0CVE-2019-1683 – Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1683
25 Feb 2019 — A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attack... • http://www.securityfocus.com/bid/107111 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-12271
https://notcve.org/view.php?id=CVE-2017-12271
19 Oct 2017 — A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308. Una vulnerabilidad en Cisco SPA300 y SPA500 Series IP Phones podría permitir que un atacante remo... • http://www.securityfocus.com/bid/101524 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-1469
https://notcve.org/view.php?id=CVE-2016-1469
12 Sep 2016 — The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. El marco de referencia HTTP en dispositivos Cisco SPA300, SPA500 y SPA51x permite a atacantes remotos provocar una denegación de servicio (interrupción del dispositivo) a través de una serie de peticiones HTTP mal formadas, vulnerabilidad también conocida como Bug ID CSCut67385. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-spa • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2015-0670
https://notcve.org/view.php?id=CVE-2015-0670
21 Mar 2015 — The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. La configuración por defecto de Cisco Small Business IP phones SPA 300 7.5.5 y SPA 500 7.5.5 no soporta adecuadamente autenticación, lo que permite a atacantes remotos leer flujo de datos de audio o originar llamadas de teléfono a través de un... • http://tools.cisco.com/security/center/viewAlert.x?alertId=37946 • CWE-287: Improper Authentication •