CVE-2012-0333

medium Cisco
CVSS v3 Base Score
5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS Score
0.3%
Exploitation probability in 30 days
Top 49% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
P
Availability
None
Published: May 2, 2012 (5125 days ago)
Last Modified: April 29, 2026
Vendor: Cisco
Source: NVD

Description

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.

CWE

CWE-287

Affected Products

cisco small business ip phone firmwarecisco small business ip phone

References

🔗 www-europe.cisco.com 🔗 www.securitytracker.com 🔗 www-europe.cisco.com 🔗 www.securitytracker.com