CVE-2012-0333
CVSS V2 Medium 5
CVSS V3 None
Description
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.
Overview
- CVE ID
- CVE-2012-0333
- Assigner
- ykramarz@cisco.com
- Vulnerability Status
- Modified
- Published Version
- 2012-05-02T10:09:21
- Last Modified Date
- 2012-10-30T04:00:10
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| AND | ||||
| cpe:2.3:a:cisco:small_business_ip_phone_firmware:*:*:*:*:*:*:*:* | 1 | OR | 7.4.9 | |
| cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.1.7:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.2.5:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.3.5:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.3:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.4:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.5:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.6:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.7:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.8:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:cisco:small_business_ip_phone:spa525g:*:*:*:*:*:*:* | 1 | OR | ||
| cpe:2.3:h:cisco:small_business_ip_phone:spa525g2:*:*:*:*:*:*:* | 1 | OR |
CVSS Version 2
- Version
- 2.0
- Vector String
- AV:N/AC:L/Au:N/C:N/I:P/A:N
- Access Vector
- NETWORK
- Access Compatibility
- LOW
- Authentication
- NONE
- Confidentiality Impact
- NONE
- Integrity Impact
- PARTIAL
- Availability Impact
- NONE
- Base Score
- 5
- Severity
- MEDIUM
- Exploitability Score
- 10
- Impact Score
- 2.9
References
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2012-0333 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0333 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-05-10 10:49:23 | Added to TrackCVE |