Sign-up

ID

VAR-201205-0216


CVE

CVE-2012-0333


TITLE

Cisco Small Business IP Phone of SPA 500 Series firmware vulnerabilities to make phone calls

Trust: 0.8

sources: JVNDB: JVNDB-2012-002201

DESCRIPTION

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768. The problem is Bug ID CSCts08768 It is a problem.By a third party XML You may be able to make a call through the document

Trust: 1.98

sources: NVD: CVE-2012-0333 // JVNDB: JVNDB-2012-002201 // BID: 78266 // VULHUB: VHN-53614

AFFECTED PRODUCTS

vendor:ciscomodel:small business ip phonescope:eqversion:7.4.8

Trust: 1.9

vendor:ciscomodel:small business ip phonescope:eqversion:7.4.7

Trust: 1.9

vendor:ciscomodel:small business ip phonescope:eqversion:7.4.6

Trust: 1.9

vendor:ciscomodel:small business ip phonescope:eqversion:7.4.5

Trust: 1.9

vendor:ciscomodel:small business ip phonescope:eqversion:7.4.4

Trust: 1.9

vendor:ciscomodel:small business ip phonescope:eqversion:7.3.5

Trust: 1.9

vendor:ciscomodel:small business ip phonescope:eqversion:7.1.7

Trust: 1.9

vendor:ciscomodel:small business ip phonescope:eqversion:7.4.3

Trust: 1.9

vendor:ciscomodel:small business ip phonescope:eqversion:7.2.5

Trust: 1.9

vendor:ciscomodel:small business ip phonescope:eqversion:spa525g

Trust: 1.8

vendor:ciscomodel:small business ip phonescope:eqversion:spa525g2

Trust: 1.8

vendor:ciscomodel:small business ip phonescope:lteversion:7.4.9

Trust: 1.8

vendor:ciscomodel:small business ip phonescope:eqversion:7.4.9

Trust: 0.9

vendor:ciscomodel:small business ip phone spa525g2scope: - version: -

Trust: 0.3

vendor:ciscomodel:small business ip phone spa525gscope: - version: -

Trust: 0.3

sources: BID: 78266 // JVNDB: JVNDB-2012-002201 // CNNVD: CNNVD-201205-047 // NVD: CVE-2012-0333

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-0333
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-0333
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201205-047
value: MEDIUM

Trust: 0.6

VULHUB: VHN-53614
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-0333
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-53614
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-53614 // JVNDB: JVNDB-2012-002201 // CNNVD: CNNVD-201205-047 // NVD: CVE-2012-0333

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-53614 // JVNDB: JVNDB-2012-002201 // NVD: CVE-2012-0333

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201205-047

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201205-047

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-002201

PATCH
title:Release Notes for Cisco Small Businessurl:http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-002201

EXTERNAL IDS
db:NVDid:CVE-2012-0333
Trust: 2.8
db:SECTRACKid:1027012
Trust: 1.4
db:JVNDBid:JVNDB-2012-002201
Trust: 0.8
db:CNNVDid:CNNVD-201205-047
Trust: 0.7
db:BIDid:78266
Trust: 0.4
db:VULHUBid:VHN-53614
Trust: 0.1
sources:
            
            
            VULHUB: VHN-53614 // 
            
            
            
            BID: 78266 // 
            
            
            
            JVNDB: JVNDB-2012-002201 // 
            
            
            
            CNNVD: CNNVD-201205-047 // 
            
            
            
            NVD: CVE-2012-0333

REFERENCES
url:http://www-europe.cisco.com/en/us/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf
Trust: 2.0
url:http://www.securitytracker.com/id?1027012
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0333
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0333
Trust: 0.8
sources:
            
            
            VULHUB: VHN-53614 // 
            
            
            
            BID: 78266 // 
            
            
            
            JVNDB: JVNDB-2012-002201 // 
            
            
            
            CNNVD: CNNVD-201205-047 // 
            
            
            
            NVD: CVE-2012-0333

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 78266

SOURCES
db:VULHUBid:VHN-53614
db:BIDid:78266
db:JVNDBid:JVNDB-2012-002201
db:CNNVDid:CNNVD-201205-047
db:NVDid:CVE-2012-0333

LAST UPDATE DATE
2025-04-11T23:18:57.622000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-53614date:2012-10-30T00:00:00
db:BIDid:78266date:2012-05-02T00:00:00
db:JVNDBid:JVNDB-2012-002201date:2012-05-08T00:00:00
db:CNNVDid:CNNVD-201205-047date:2012-05-03T00:00:00
db:NVDid:CVE-2012-0333date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-53614date:2012-05-02T00:00:00
db:BIDid:78266date:2012-05-02T00:00:00
db:JVNDBid:JVNDB-2012-002201date:2012-05-08T00:00:00
db:CNNVDid:CNNVD-201205-047date:2012-05-03T00:00:00
db:NVDid:CVE-2012-0333date:2012-05-02T10:09:21.847