CVSS: 6.4EPSS: 0%CPEs: 24EXPL: 0CVE-2023-20181
https://notcve.org/view.php?id=CVE-2023-20181
03 Aug 2023 — A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affect... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.4EPSS: 0%CPEs: 24EXPL: 0CVE-2023-20218
https://notcve.org/view.php?id=CVE-2023-20218
03 Aug 2023 — A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents o... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 6.6EPSS: 0%CPEs: 10EXPL: 0CVE-2019-15959 – Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-15959
23 Sep 2020 — A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context. ... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-spa500-script • CWE-20: Improper Input Validation •
CVSS: 6.6EPSS: 0%CPEs: 20EXPL: 0CVE-2019-1923 – Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-1923
17 Jul 2019 — A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device's physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbit... • http://www.securityfocus.com/bid/109294 • CWE-20: Improper Input Validation CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.4EPSS: 0%CPEs: 28EXPL: 0CVE-2019-1683 – Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability
https://notcve.org/view.php?id=CVE-2019-1683
25 Feb 2019 — A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attack... • http://www.securityfocus.com/bid/107111 • CWE-295: Improper Certificate Validation •