Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco SPA300 and SPA500 Series IP Phones Cross-Site Request Forgery Vulnerability

cisco-sa-20171018-spa · Medium · Published · Updated

A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-spa

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2017-12271
Cisco Bug IDsCSCuz88421, CSCuz91356, CSCve56308
CVSS ScoreBase 5.3
Base 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco Small Business SPA500 Series IP Phones, Cisco Small Business SPA300 Series IP Phones

Related Products

Product CVE Evidence
Cisco Small Business SPA500 Series IP Phones CVE-2017-12271 Cisco OpenVuln
Cisco Small Business SPA300 Series IP Phones CVE-2017-12271 Cisco OpenVuln