CVE-2015-0670

Published: 21/03/2015 Updated: 22/10/2015
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote malicious users to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.

Vulnerable Product

cisco spa500_firmware 7.5.5

cisco spa_504g_4-line_ip_phone

cisco spa_501g_8-line_ip_phone

cisco spa_525g2_5-line_ip_phone

cisco spa_508g_8-line_ip_phone

cisco spa_502g_1-line_ip_phone

cisco spa_525g_5-line_ip_phone

cisco spa_514g_4-line_ip_phone

cisco spa_512g_1-line_ip_phone

cisco spa_509g_12-line_ip_phone

cisco spa300_firmware 7.5.5

cisco spa_302dkit

cisco spa_303_3_line_ip_phone

cisco spa_302d

cisco spa_301_1_line_ip_phone

Recent Articles

CREEPS rejoice: Small biz Cisco phones open to eavesdrop 0-day
The Register • Darren Pauli • 23 Mar 2015

Open phones may crop up on Shodan

Creeps can listen in to conversations placed over vulnerable Cisco small business phones. Remote eavesdropping requires a crafted XML request be sent to the Borg's SPA 300 and 500 IP phones. Cisco warns version 7.5.5 of the software powering the phones is vulnerable, possibly along with more recent iterations. "An unauthenticated, remote attacker could exploit this vulnerability to listen to a remote audio stream from an affected device or to gain access to make phone calls remotely," it says in...