CVE-2017-12271

A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308.

Severity	HIGH
CVSS	8.8
CWE	CWE-352
KEV
Published	8 years ago
Modified	6 days ago

Related Products

Product	Advisory	Evidence
Cisco Small Business SPA500 Series IP Phones	cisco-sa-20171018-spa	Cisco OpenVuln
Cisco Small Business SPA300 Series IP Phones	cisco-sa-20171018-spa	Cisco OpenVuln