The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
References
Configurations
Configuration 1 (hide)
|
Information
Published : 2014-07-09 04:07
Updated : 2017-08-28 18:34
NVD link : CVE-2014-3312
Mitre link : CVE-2014-3312
JSON object : View
CWE
CWE-287
Improper Authentication
Products Affected
cisco
- spa_512g_1-line_ip_phone
- spa_501g_8-line_ip_phone
- spa941_4-line_ip_phone_with_1-port_ethernet
- spa901_1-line_ip_phone
- spa_502g_1-line_ip_phone
- spa_525g2_5-line_ip_phone
- spa922_1-line_ip_phone_with_1-port_ethernet
- spa_525g_5-line_ip_phone
- spa_514g_4-line_ip_phone
- spa962_6-line_ip_phone_with_2-port_switch
- spa942_4-line_ip_phone_with_2-port_switch
- spa_508g_8-line_ip_phone
- spa_509g_12-line_ip_phone
- spa_303_3_line_ip_phone
- spa_504g_4-line_ip_phone
- spa_301_1_line_ip_phone