CVE-2015-0670

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482.

Severity	MEDIUM
CVSS	6.4
CWE	CWE-287
KEV
Published	11 years ago
Modified	1 week ago

Related Products

Product	Advisory	Evidence
Cisco Small Business SPA500 Series IP Phones	Cisco-SA-20150319-CVE-2015-0670	Cisco OpenVuln