T
he debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:07
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3312 - Vendor Advisory | |
| References | () http://www.securityfocus.com/bid/68465 - | |
| References | () http://www.securitytracker.com/id/1030552 - | |
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/94421 - |
Information
Published : 2014-07-09 11:07
Updated : 2025-04-12 10:46
NVD link : CVE-2014-3312
Mitre link : CVE-2014-3312
CVE.ORG link : CVE-2014-3312
JSON object : View
Products Affected
- spa962_6-line_ip_phone_with_2-port_switch
- spa_301_1_line_ip_phone
- spa_502g_1-line_ip_phone
- spa_504g_4-line_ip_phone
- spa_508g_8-line_ip_phone
- spa942_4-line_ip_phone_with_2-port_switch
- spa_509g_12-line_ip_phone
- spa901_1-line_ip_phone
- spa941_4-line_ip_phone_with_1-port_ethernet
- spa_303_3_line_ip_phone
- spa_501g_8-line_ip_phone
- spa_512g_1-line_ip_phone
- spa922_1-line_ip_phone_with_1-port_ethernet
- spa_514g_4-line_ip_phone
- spa_525g2_5-line_ip_phone
- spa_525g_5-line_ip_phone
CWE
CWE-287
Improper Authentication