Cisco IP Small Business Phones XML Authentication Flaw Lets Remote Users Make Unauthorized
|
|
SecurityTracker Alert ID: 1027012 |
|
SecurityTracker URL: http://securitytracker.com/id/1027012
|
|
CVE Reference:
CVE-2012-0333
(Links to External Site)
|
Date: May 3 2012
|
Impact:
Host/resource access via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): SPA 500 series firmware 7.4.9 and prior
|
Description:
A vulnerability was reported in Cisco Small Business IP Phones. A remote user can make unauthorized phone calls.
A remote user can submit a Push XML request to make telephone calls via an XML document without authenticating.
Cisco has assigned Bug ID CSCts08768 to this vulnerability.
|
Impact:
A remote user can make unauthorized phone calls.
|
Solution:
The vendor has issued a fix (7.5.1).
The vendor's advisory is available at:
http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf
|
Vendor URL: www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf (Links to External Site)
|
Cause:
Authentication error
|
Underlying OS:
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
