Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote malicious users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.
Vulnerable Product |
---|
cisco spa941 4-line ip phone with 1-port ethernet |
cisco spa922 1-line ip phone with 1-port ethernet |
cisco spa 508g 8-line ip phone |
cisco spa 504g 4-line ip phone |
cisco spa901 1-line ip phone |
cisco spa 525g2 5-line ip phone |
cisco spa 502g 1-line ip phone |
cisco spa 501g 8-line ip phone |
cisco spa 525g 5-line ip phone |
cisco spa 514g 4-line ip phone |
cisco spa 303 3 line ip phone |
cisco spa 301 1 line ip phone |
cisco spa962 6-line ip phone with 2-port switch |
cisco spa942 4-line ip phone with 2-port switch |
cisco spa 512g 1-line ip phone |
cisco spa 509g 12-line ip phone |
Open phones may crop up on Shodan
Creeps can listen in to conversations placed over vulnerable Cisco small business phones. Remote eavesdropping requires a crafted XML request be sent to the Borg's SPA 300 and 500 IP phones. Cisco warns version 7.5.5 of the software powering the phones is vulnerable, possibly along with more recent iterations. "An unauthenticated, remote attacker could exploit this vulnerability to listen to a remote audio stream from an affected device or to gain access to make phone calls remotely," it says in...