The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C
Vendors Products
Cisco
  • Spa962 6-line Ip Phone With 2-port Switch
  • Spa 514g 4-line Ip Phone
  • Spa 502g 1-line Ip Phone
  • Spa 504g 4-line Ip Phone
  • Spa 303 3 Line Ip Phone
  • Spa 509g 12-line Ip Phone
  • Spa941 4-line Ip Phone With 1-port Ethernet
  • Spa 525g2 5-line Ip Phone
  • Spa 512g 1-line Ip Phone
  • Spa922 1-line Ip Phone With 1-port Ethernet
  • Spa 525g 5-line Ip Phone
  • Spa901 1-line Ip Phone
  • Spa 508g 8-line Ip Phone
  • Spa 501g 8-line Ip Phone
  • Spa 301 1 Line Ip Phone
  • Spa942 4-line Ip Phone With 2-port Switch

Configuration 1 [-]

OR cpe:2.3:h:cisco:spa_301_1_line_ip_phone:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa_303_3_line_ip_phone:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa_508g_8-line_ip_phone:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa_509g_12-line_ip_phone:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa_512g_1-line_ip_phone:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa_514g_4-line_ip_phone:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa_525g_5-line_ip_phone:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa901_1-line_ip_phone:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa922_1-line_ip_phone_with_1-port_ethernet:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa941_4-line_ip_phone_with_1-port_ethernet:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa942_4-line_ip_phone_with_2-port_switch:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:spa962_6-line_ip_phone_with_2-port_switch:*:*:*:*:*:*:*:*
References
Link Resource
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3312 Vendor Advisory
http://www.securityfocus.com/bid/68465
http://www.securitytracker.com/id/1030552
https://exchange.xforce.ibmcloud.com/vulnerabilities/94421
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2014-07-09T10:00:00

Updated: 2017-08-28T12:57:01

Reserved: 2014-05-07T00:00:00

Link: CVE-2014-3312

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2014-07-09T11:07:01.493

Modified: 2017-08-29T01:34:41.657

Link: CVE-2014-3312

JSON object: View

cve-icon Redhat Information

No data.

CWE