CVSS: 7.4EPSS: 0%CPEs: 28EXPL: 0CVE-2019-1683 – Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1683
25 Feb 2019 — A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attack... • http://www.securityfocus.com/bid/107111 • CWE-295: Improper Certificate Validation •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-12271
https://notcve.org/view.php?id=CVE-2017-12271
19 Oct 2017 — A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308. Una vulnerabilidad en Cisco SPA300 y SPA500 Series IP Phones podría permitir que un atacante remo... • http://www.securityfocus.com/bid/101524 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-1469
https://notcve.org/view.php?id=CVE-2016-1469
12 Sep 2016 — The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. El marco de referencia HTTP en dispositivos Cisco SPA300, SPA500 y SPA51x permite a atacantes remotos provocar una denegación de servicio (interrupción del dispositivo) a través de una serie de peticiones HTTP mal formadas, vulnerabilidad también conocida como Bug ID CSCut67385. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-spa • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2015-6403
https://notcve.org/view.php?id=CVE-2015-6403
15 Dec 2015 — The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. La implementación TFTP en teléfonos Cisco Small Business SPA30x, SPA50x, SPA51x 7.5.7 no valida adecuadamente la integridad del archivo de imagen de firmware, lo que permite a usuarios locales cargar una imagen de un Troyano mediante el aprovechamiento de acceso shell, t... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-ipp • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2015-0670
https://notcve.org/view.php?id=CVE-2015-0670
21 Mar 2015 — The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. La configuración por defecto de Cisco Small Business IP phones SPA 300 7.5.5 y SPA 500 7.5.5 no soporta adecuadamente autenticación, lo que permite a atacantes remotos leer flujo de datos de audio o originar llamadas de teléfono a través de un... • http://tools.cisco.com/security/center/viewAlert.x?alertId=37946 • CWE-287: Improper Authentication •