CVE-2014-3312

The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.

Severity	MEDIUM
CVSS	6.9
CWE	CWE-287
KEV
Published	11 years ago
Modified	1 week ago

Related Products

Product	Advisory	Evidence
Cisco Small Business SPA500 Series IP Phones	Cisco-SA-20140709-CVE-2014-3312	Cisco OpenVuln
Cisco Small Business SPA300 Series IP Phones	Cisco-SA-20140709-CVE-2014-3312	Cisco OpenVuln