Skip to main content

Spa500 Firmware

5 CVEs product

Monthly

CVE-2019-1683 HIGH This Week

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Spa112 Firmware Spa525 Firmware Spa5X5 Firmware +11
NVD
CVSS 3.1
7.4
EPSS
0.9%
CVE-2017-12271 HIGH This Week

A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Spa300 Firmware Spa500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2016-1469 HIGH This Week

The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Spa300 Firmware Spa500 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2015-6403 HIGH This Week

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Spa500 Firmware Spa300 Firmware
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-0670 MEDIUM This Month

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Spa500 Firmware Spa 501G 8 Line Ip Phone Spa 502G 1 Line Ip Phone +12
NVD
CVSS 2.0
6.4
EPSS
0.3%
EPSS 1% CVSS 7.4
HIGH This Week

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Information Disclosure Spa112 Firmware +13
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Spa300 Firmware +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Spa300 Firmware +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Spa500 Firmware +1
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Spa500 Firmware +14
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy