Cisco » Spa922 1-line Ip Phone With 1-port Ethernet : Security Vulnerabilities, CVEs,
Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.
Max CVSS
4.3
EPSS Score
0.26%
Published
2014-07-09
Updated
2017-08-29
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
Max CVSS
6.9
EPSS Score
0.09%
Published
2014-07-09
Updated
2017-08-29
2 vulnerabilities found