All the vulnerabilites related to cisco - spa500
Vulnerability from fkie_nvd
Published
2019-02-25 17:29
Modified
2024-11-21 04:37
Summary
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa112_firmware:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "446DB55D-F434-4258-9E5C-916F6D50FEAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa112:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F61B8649-0781-4AF5-8CED-34616A9524FF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa525_firmware:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CDD2C6F-AE4E-406B-B20C-5D4CAE27E5B1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa525:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "452622A5-5A5A-40F2-AD69-4158FEA1309E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa5x5_firmware:7.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D45DCC7-38DC-4D31-B5C7-40CB1A509561",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa5x5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43DA3CED-C668-4B88-BB40-EA606D42A886",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa500_firmware:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE3C21C-30A2-4CE0-A3A7-C31D48675138",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4106574-86FB-4B35-AD82-0E553CDC222D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa500s_firmware:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0E6510C-DA29-40CA-A818-CCA6A6E99B6D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "66B2A148-467A-4F10-945C-1F49A218BD4F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa500ds_firmware:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "238CDC0D-55D3-4DC1-9AEB-132FA0955CC3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa500ds:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C7B9304-CCA9-41C0-A6B9-032DC923420C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa501g_firmware:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "95EDA2CC-0795-46B2-8028-8F126C478D6D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa501g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73B67905-79ED-4771-B436-49868BA7C922",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa502g_firmware:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C76137F-AAF4-43E0-8325-628F3040F7C8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa502g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D371387F-C7CC-46BB-85E9-419EF97D2A00",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa504g_firmware:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "81249DC5-3F5E-4F6F-8025-0C13DEE5B696",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa504g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3FE12AB-1CC7-450D-88F2-7B06C51DCE7C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa508g_firmware:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C27CF16B-9904-4333-989F-93CD89FF6853",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa508g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38FDFF1-AD9D-40E1-A232-4B08AE0C4ABC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa509g_firmware:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A842DD1E-EEE7-4F35-811F-E5E09326B8E8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa509g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C04DA66-1516-40ED-B8AC-504F8B2B1E88",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa512g_firmware:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C838D5C8-D724-4C8C-86FC-961759D3FC99",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa512g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "92A92FEE-7CB5-43B1-8AC3-00C077DD4A63",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa514g_firmware:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9856BB19-C195-4917-8152-EB2CBBBAFC99",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa514g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "16C4089F-5B9F-4D69-8819-43B52309454F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:spa525g_firmware:1.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF7A2D2C-8C78-4616-8DFB-5B17C7974AA1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:spa525g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5602EAB-6507-4B5B-A05B-4FED970B43D0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el componente de manejo de certificados de los tel\u00e9fonos IP de Cisco SPA112, SPA525 y SPA5X5 podr\u00eda permitir que un atacante remoto no autenticado escuche o controle algunos aspectos de una conversaci\u00f3n SIP (Session Initiation Protocol) cifrada por TLS (Transport Level Security). Esta vulnerabilidad se debe a la validaci\u00f3n incorrecta de los certificados del servidor. Un atacante podr\u00eda explotar esta vulnerabilidad mediante la manipulaci\u00f3n de un certificado de servidor malicioso para presentarlo al cliente. Su explotaci\u00f3n podr\u00eda permitir que un atacante esp\u00ede el tr\u00e1fico cifrado por TLS y pueda enrutar o redirigir llamadas iniciadas por un dispositivo afectado. Las versiones afectadas incluyen la 7.6.2 de Cisco Small Business SPA525 Series IP Phones y Cisco Small Business SPA5X5 Series IP Phones, as\u00ed como la versi\u00f3n 1.4.2 de Cisco Small Business SPA500 Series IP Phones y Cisco Small Business SPA112 Series IP Phones."
    }
  ],
  "id": "CVE-2019-1683",
  "lastModified": "2024-11-21T04:37:05.440",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.2,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-25T17:29:00.280",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107111"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-201902-0450
Vulnerability from variot

A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones. CiscoSPA112Series and other products are products of Cisco. A certificate validation component exists in the certificate processing component of CiscoSPA112, SPA525, and SPA5X5Series. (TLS) Encrypted Session Initiation Protocol (SIP) call. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvm49157, CSCvn17125, CSCvn17128

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201902-0450",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "spa525",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa501g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa112",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa504g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa514g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa500s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa500ds",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa508g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa5x5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "spa525g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa502g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa512g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "spa509g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "small business spa500 series ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 112",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 500ds",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 500s",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 501g",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 502g",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 504g",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 508g",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 525",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 5x5",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa5x5 series",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa112",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa525",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business voice gateways and atas",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "1.4.2"
      },
      {
        "model": "small business spa500 series ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "small business ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-04936"
      },
      {
        "db": "BID",
        "id": "107111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002108"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1683"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa112_firmware:1.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa112:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa525_firmware:7.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa525:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa5x5_firmware:7.6.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa5x5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa500_firmware:1.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa500s_firmware:1.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa500s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa500ds_firmware:1.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa500ds:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa501g_firmware:1.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa501g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa502g_firmware:1.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa502g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa504g_firmware:1.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa504g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa508g_firmware:1.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa508g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa509g_firmware:1.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa509g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa512g_firmware:1.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa512g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa514g_firmware:1.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa514g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa525g_firmware:1.4.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa525g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-1683"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco would like to thank Jan Dubov? for reporting this vulnerability.,Cisco ?? ??,Jan Dubov??",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-801"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2019-1683",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2019-1683",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "CNVD-2019-04936",
            "impactScore": 7.8,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-149015",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "ykramarz@cisco.com",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "impactScore": 4.2,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.4,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-1683",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2019-1683",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "ykramarz@cisco.com",
            "id": "CVE-2019-1683",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-04936",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201902-801",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-149015",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-04936"
      },
      {
        "db": "VULHUB",
        "id": "VHN-149015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002108"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1683"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1683"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-801"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones. CiscoSPA112Series and other products are products of Cisco. A certificate validation component exists in the certificate processing component of CiscoSPA112, SPA525, and SPA5X5Series. (TLS) Encrypted Session Initiation Protocol (SIP) call. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. \nThis issue is being tracked by Cisco Bug ID  CSCvm49157, CSCvn17125, CSCvn17128",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-1683"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002108"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-04936"
      },
      {
        "db": "BID",
        "id": "107111"
      },
      {
        "db": "VULHUB",
        "id": "VHN-149015"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-1683",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "107111",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002108",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-801",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-04936",
        "trust": 0.6
      },
      {
        "db": "NSFOCUS",
        "id": "42804",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.0538",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-149015",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-04936"
      },
      {
        "db": "VULHUB",
        "id": "VHN-149015"
      },
      {
        "db": "BID",
        "id": "107111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002108"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1683"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-801"
      }
    ]
  },
  "id": "VAR-201902-0450",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-04936"
      },
      {
        "db": "VULHUB",
        "id": "VHN-149015"
      }
    ],
    "trust": 1.4738095333333332
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-04936"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:08:12.447000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20190220-ipphone-certs",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-ipphone-certs"
      },
      {
        "title": "Patch for CiscoSPA112, SPA525, and SPA5X5Series Certificate Validation Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/154139"
      },
      {
        "title": "Cisco SPA112 , SPA525  and SPA5X5 Series Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89595"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-04936"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002108"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-801"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-295",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-149015"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002108"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1683"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-ipphone-certs"
      },
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/107111"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-1683"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1683"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/75898"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/42804"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/cisco-ip-phone-spax-privilege-escalation-via-certificate-validation-28574"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-04936"
      },
      {
        "db": "VULHUB",
        "id": "VHN-149015"
      },
      {
        "db": "BID",
        "id": "107111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002108"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1683"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-801"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-04936"
      },
      {
        "db": "VULHUB",
        "id": "VHN-149015"
      },
      {
        "db": "BID",
        "id": "107111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002108"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-1683"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-801"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-04936"
      },
      {
        "date": "2019-02-25T00:00:00",
        "db": "VULHUB",
        "id": "VHN-149015"
      },
      {
        "date": "2019-02-20T00:00:00",
        "db": "BID",
        "id": "107111"
      },
      {
        "date": "2019-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002108"
      },
      {
        "date": "2019-02-25T17:29:00.280000",
        "db": "NVD",
        "id": "CVE-2019-1683"
      },
      {
        "date": "2019-02-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-801"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-22T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-04936"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-149015"
      },
      {
        "date": "2019-02-20T00:00:00",
        "db": "BID",
        "id": "107111"
      },
      {
        "date": "2019-04-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-002108"
      },
      {
        "date": "2023-03-23T17:34:03.533000",
        "db": "NVD",
        "id": "CVE-2019-1683"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201902-801"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-801"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Cisco SPA Vulnerability related to certificate validation in series products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-002108"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201902-801"
      }
    ],
    "trust": 0.6
  }
}

var-201609-0384
Vulnerability from variot

The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. CiscoSmallBusinessSPA300 and so on are Cisco's S-series IP telephony products. A denial of service vulnerability exists in CiscoSmallBusinessSPA300Series/SPA500Series and SPA51xIPPhones. An attacker could exploit the vulnerability to cause a denial of service. Cisco Small Business SPA300 and SPA500 Series IP Phones are prone to a remote denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCut67385. Cisco SPA300 and so on are the S series IP telephone products of Cisco (Cisco). HTTP framework is one of the HTTP frameworks

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201609-0384",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "spa500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.5.7\\(6\\)"
      },
      {
        "model": "spa300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.5.7\\(6\\)"
      },
      {
        "model": "small business spa300 series ip phone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.5.7(6)"
      },
      {
        "model": "small business spa500 series ip phone",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.5.7(6)"
      },
      {
        "model": "spa51x ip phones",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business spa500 series",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business spa300 series",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa500 series ip phone",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.5.7\\(6\\)"
      },
      {
        "model": "spa300 series ip phone",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.5.7\\(6\\)"
      },
      {
        "model": "small business spa51x ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.7(6)"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.4"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.3"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.1"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4.8"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4.7"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4.6"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4.4"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4.3"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.7"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3.5"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2.5"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.7"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1.3"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.7(6)"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.5"
      },
      {
        "model": "small business spa500 series ip phones 7.5.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5"
      },
      {
        "model": "small business spa500 series ip phones 7.4.9c",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business spa500 series ip phones 7.4.9a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business spa500 series ip phones 7.4.8a",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.4"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.3"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.2"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.1"
      },
      {
        "model": "small business spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.5"
      },
      {
        "model": "small business spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.4"
      },
      {
        "model": "small business spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.3"
      },
      {
        "model": "small business spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.1"
      },
      {
        "model": "small business spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.7(6)"
      },
      {
        "model": "small business spa300 series ip phones 7.5.2b",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business spa51x ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.2"
      },
      {
        "model": "small business spa300 series ip phones",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.6.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-07073"
      },
      {
        "db": "BID",
        "id": "92706"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004631"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1469"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-541"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa300_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.5.7\\(6\\)",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.5.7\\(6\\)",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa300_series_ip_phone:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa500_series_ip_phone:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1469"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Watts",
    "sources": [
      {
        "db": "BID",
        "id": "92706"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-541"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2016-1469",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-1469",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-07073",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-90288",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-1469",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-1469",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-07073",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201608-541",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90288",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-07073"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90288"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004631"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1469"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-541"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. CiscoSmallBusinessSPA300 and so on are Cisco\u0027s S-series IP telephony products. A denial of service vulnerability exists in CiscoSmallBusinessSPA300Series/SPA500Series and SPA51xIPPhones. An attacker could exploit the vulnerability to cause a denial of service. Cisco Small Business SPA300 and SPA500 Series IP Phones are prone to a remote denial-of-service vulnerability. \nThis issue is being tracked by Cisco Bug ID CSCut67385. Cisco SPA300 and so on are the S series IP telephone products of Cisco (Cisco). HTTP framework is one of the HTTP frameworks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1469"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004631"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-07073"
      },
      {
        "db": "BID",
        "id": "92706"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90288"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1469",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "92706",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1036717",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004631",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-541",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-07073",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-90288",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-07073"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90288"
      },
      {
        "db": "BID",
        "id": "92706"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004631"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1469"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-541"
      }
    ]
  },
  "id": "VAR-201609-0384",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-07073"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90288"
      }
    ],
    "trust": 1.2122252766666666
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-07073"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:37:45.548000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20160831-spa",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-spa"
      },
      {
        "title": "Patch for CiscoSmallBusinessSPA300Series/SPA500Series and SPA51xIPPhones Denial of Service Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/81030"
      },
      {
        "title": "Cisco Small Business SPA300 Series , SPA500 Series  and SPA51x IP Phones Remediation measures for denial of service vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=63838"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-07073"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004631"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-541"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90288"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004631"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1469"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.securityfocus.com/bid/92706"
      },
      {
        "trust": 2.0,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-spa"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1036717"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1469"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1469"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-07073"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90288"
      },
      {
        "db": "BID",
        "id": "92706"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004631"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1469"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-541"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-07073"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90288"
      },
      {
        "db": "BID",
        "id": "92706"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004631"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1469"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-541"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-07073"
      },
      {
        "date": "2016-09-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90288"
      },
      {
        "date": "2016-08-31T00:00:00",
        "db": "BID",
        "id": "92706"
      },
      {
        "date": "2016-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004631"
      },
      {
        "date": "2016-09-12T01:59:00.130000",
        "db": "NVD",
        "id": "CVE-2016-1469"
      },
      {
        "date": "2016-08-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-541"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-09-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-07073"
      },
      {
        "date": "2017-08-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90288"
      },
      {
        "date": "2016-08-31T00:00:00",
        "db": "BID",
        "id": "92706"
      },
      {
        "date": "2016-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-004631"
      },
      {
        "date": "2023-06-27T19:04:12.417000",
        "db": "NVD",
        "id": "CVE-2016-1469"
      },
      {
        "date": "2023-06-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201608-541"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-541"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Cisco SPA Device  HTTP Service operation interruption in the framework  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-004631"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201608-541"
      }
    ],
    "trust": 0.6
  }
}

var-201512-0410
Vulnerability from variot

The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. Multiple Cisco IP Phones are prone to a local arbitrary file-upload vulnerability. A local attacker may leverage this issue to upload arbitrary files to the affected device. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCut67400. Cisco Small Business SPA30x, SPA50x and SPA51x are the S series IP telephone products of Cisco (Cisco). The vulnerability is caused by the fact that the program does not correctly verify the integrity of the firmware-image file. The following products are affected: Cisco SPA30X Series IP Phones, SPA50X Series IP Phones, SPA51X Series IP Phones

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201512-0410",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "spa500",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.5.7"
      },
      {
        "model": "spa300",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.5.7"
      },
      {
        "model": "small business spa300 series ip phone",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.5.7"
      },
      {
        "model": "small business spa500 series ip phone",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.5.7"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006445"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6403"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-175"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa500_firmware:7.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_501g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_502g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_500s:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_500ds:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_525g2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_504g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_508g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_509g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_512g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_514g:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa300_firmware:7.5.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_301:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_303:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6403"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "78739"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-175"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2015-6403",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2015-6403",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-84364",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-6403",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201512-175",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-84364",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006445"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6403"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-175"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. Multiple Cisco IP Phones are prone to a local arbitrary file-upload vulnerability. \nA local attacker may leverage this issue to upload arbitrary files to  the affected device. This may aid in further attacks. \nThis issue is tracked by Cisco Bug ID  CSCut67400. Cisco Small Business SPA30x, SPA50x and SPA51x are the S series IP telephone products of Cisco (Cisco). The vulnerability is caused by the fact that the program does not correctly verify the integrity of the firmware-image file. The following products are affected: Cisco SPA30X Series IP Phones, SPA50X Series IP Phones, SPA51X Series IP Phones",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6403"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006445"
      },
      {
        "db": "BID",
        "id": "78739"
      },
      {
        "db": "VULHUB",
        "id": "VHN-84364"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6403",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "78739",
        "trust": 2.0
      },
      {
        "db": "SECTRACK",
        "id": "1034376",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006445",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-175",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-84364",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84364"
      },
      {
        "db": "BID",
        "id": "78739"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006445"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6403"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-175"
      }
    ]
  },
  "id": "VAR-201512-0410",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84364"
      }
    ],
    "trust": 0.6982143
  },
  "last_update_date": "2023-12-18T13:34:27.290000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20151209-ipp",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ipp"
      },
      {
        "title": "Multiple Cisco IP Phones Fixes for product file upload vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59033"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006445"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-175"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84364"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006445"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6403"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/78739"
      },
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ipp"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1034376"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6403"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6403"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-84364"
      },
      {
        "db": "BID",
        "id": "78739"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006445"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6403"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-175"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-84364"
      },
      {
        "db": "BID",
        "id": "78739"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006445"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6403"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-175"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-12-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84364"
      },
      {
        "date": "2015-12-09T00:00:00",
        "db": "BID",
        "id": "78739"
      },
      {
        "date": "2015-12-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006445"
      },
      {
        "date": "2015-12-15T05:59:04.853000",
        "db": "NVD",
        "id": "CVE-2015-6403"
      },
      {
        "date": "2015-12-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-175"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-84364"
      },
      {
        "date": "2015-12-09T00:00:00",
        "db": "BID",
        "id": "78739"
      },
      {
        "date": "2015-12-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-006445"
      },
      {
        "date": "2016-12-07T18:20:00.803000",
        "db": "NVD",
        "id": "CVE-2015-6403"
      },
      {
        "date": "2015-12-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201512-175"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "78739"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-175"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Cisco Small Business SPA Phone  TFTP Implementation of a Trojan image loaded vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-006445"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201512-175"
      }
    ],
    "trust": 0.6
  }
}

var-201503-0173
Vulnerability from variot

The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. Vendors have confirmed this vulnerability Bug ID CSCuo52482 It is released as.Skillfully crafted by a third party XML Depending on the request, the audio stream data may be read or an outgoing call may be initiated. Cisco Small Business IP phones SPA 300 and SPA 500 are Cisco 300 and SPA 500 series IP telephony products from Cisco. The program failed to set the authentication correctly. An attacker can exploit this issue to gain unauthorized access to the affected devices. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuo52482

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201503-0173",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "spa300",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.5.5"
      },
      {
        "model": "spa500",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "7.5.5"
      },
      {
        "model": "spa 502g 1-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 508g 8-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 525g 5-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 302d",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 301 1 line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 525g2 5-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 509g 12-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 302dkit",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 514g 4-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 504g 4-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 303 3 line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 501g 8-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "spa 512g 1-line ip phone",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "*"
      },
      {
        "model": "small business spa300 series ip phone",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.5.5"
      },
      {
        "model": "small business spa500 series ip phone",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "7.5.5"
      },
      {
        "model": "spa 301 1-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 302d multi-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 302dkit ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 303 3-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 501g 8-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 502g 1-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 504g 4-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 508g 8-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 509g 12-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 512g 1-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 514g 4-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 525g 5-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa 525g2 5-line ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business ip phones spa",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "3007.5.5"
      },
      {
        "model": "small business ip phones spa",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "5007.5.5"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.5"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01923"
      },
      {
        "db": "BID",
        "id": "73248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001900"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-416"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa500_firmware:7.5.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_508g_8-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_525g_5-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_514g_4-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_512g_1-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_509g_12-line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa300_firmware:7.5.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_302dkit:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_303_3_line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_302d:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa_301_1_line_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0670"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "73248"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-0670",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2015-0670",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2015-01923",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-78616",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-0670",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-01923",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201503-416",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-78616",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01923"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001900"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-416"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. Vendors have confirmed this vulnerability Bug ID CSCuo52482 It is released as.Skillfully crafted by a third party XML Depending on the request, the audio stream data may be read or an outgoing call may be initiated. Cisco Small Business IP phones SPA 300 and SPA 500 are Cisco 300 and SPA 500 series IP telephony products from Cisco. The program failed to set the authentication correctly. \nAn attacker can exploit this issue to gain unauthorized access to the affected devices. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCuo52482",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-0670"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001900"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-01923"
      },
      {
        "db": "BID",
        "id": "73248"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78616"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-0670",
        "trust": 3.4
      },
      {
        "db": "SECTRACK",
        "id": "1031969",
        "trust": 1.1
      },
      {
        "db": "BID",
        "id": "73248",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001900",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-416",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-01923",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-78616",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01923"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78616"
      },
      {
        "db": "BID",
        "id": "73248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001900"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-416"
      }
    ]
  },
  "id": "VAR-201503-0173",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01923"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78616"
      }
    ],
    "trust": 1.3725045825
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01923"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:29:37.752000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "37946",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37946"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001900"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-78616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001900"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0670"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37946"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1031969"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0670"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0670"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01923"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78616"
      },
      {
        "db": "BID",
        "id": "73248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001900"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-416"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-01923"
      },
      {
        "db": "VULHUB",
        "id": "VHN-78616"
      },
      {
        "db": "BID",
        "id": "73248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001900"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-0670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-416"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-01923"
      },
      {
        "date": "2015-03-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78616"
      },
      {
        "date": "2015-03-19T00:00:00",
        "db": "BID",
        "id": "73248"
      },
      {
        "date": "2015-03-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001900"
      },
      {
        "date": "2015-03-21T01:59:01.560000",
        "db": "NVD",
        "id": "CVE-2015-0670"
      },
      {
        "date": "2015-03-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-416"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-03-24T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-01923"
      },
      {
        "date": "2015-10-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-78616"
      },
      {
        "date": "2015-03-19T00:00:00",
        "db": "BID",
        "id": "73248"
      },
      {
        "date": "2015-03-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-001900"
      },
      {
        "date": "2015-10-22T14:40:06.637000",
        "db": "NVD",
        "id": "CVE-2015-0670"
      },
      {
        "date": "2015-03-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201503-416"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-416"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Small Business IP phone of  SPA300 and  SPA500 Vulnerability to read audio stream data in the default settings of the series",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-001900"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201503-416"
      }
    ],
    "trust": 0.6
  }
}

var-201710-0649
Vulnerability from variot

A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308. Vendors have confirmed this vulnerability Bug ID CSCuz88421 , CSCuz91356 ,and CSCve56308 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Other attacks are also possible

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201710-0649",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "spa300",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.5.5"
      },
      {
        "model": "spa500",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "7.5.5"
      },
      {
        "model": "small business ip phone",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa500 series ip phones",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa300 series ip phones",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "spa300 series ip phone",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.5.5"
      },
      {
        "model": "spa500 series ip phone",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "7.5.5"
      },
      {
        "model": "spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "spa300 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "0"
      },
      {
        "model": "small business spa500 series ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.5"
      },
      {
        "model": "small business ip phones",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "7.5.5"
      },
      {
        "model": "small business spa500 series ip phones 7.6 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business ip phones 7.6 sr3",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-35520"
      },
      {
        "db": "BID",
        "id": "101524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009474"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-886"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa300_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.5.5",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:spa500_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.5.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa300_series_ip_phone:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:spa500_series_ip_phone:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12271"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Chris Watts of Tech Analysis.",
    "sources": [
      {
        "db": "BID",
        "id": "101524"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-12271",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-12271",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2017-35520",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-102777",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-12271",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-12271",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-35520",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201710-886",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-102777",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-35520"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009474"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-886"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308. Vendors have confirmed this vulnerability Bug ID CSCuz88421 , CSCuz91356 ,and CSCve56308 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Other attacks are also possible",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-12271"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009474"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-35520"
      },
      {
        "db": "BID",
        "id": "101524"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102777"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-12271",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "101524",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1039621",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009474",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-886",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-35520",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-102777",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-35520"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102777"
      },
      {
        "db": "BID",
        "id": "101524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009474"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-886"
      }
    ]
  },
  "id": "VAR-201710-0649",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-35520"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102777"
      }
    ],
    "trust": 1.092628195
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-35520"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:29:22.159000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "cisco-sa-20171018-spa",
        "trust": 0.8,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-spa"
      },
      {
        "title": "Patch for CiscoSPA300 and SPA500SeriesIPPhones Cross-Site Request Forgery Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/106677"
      },
      {
        "title": "Cisco SPA300  and SPA500 Series IP Phones Fixes for cross-site request forgery vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75868"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-35520"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009474"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-886"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-102777"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009474"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12271"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-spa"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/101524"
      },
      {
        "trust": 1.7,
        "url": "http://www.securitytracker.com/id/1039621"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12271"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-12271"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-35520"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102777"
      },
      {
        "db": "BID",
        "id": "101524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009474"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-886"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-35520"
      },
      {
        "db": "VULHUB",
        "id": "VHN-102777"
      },
      {
        "db": "BID",
        "id": "101524"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009474"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-12271"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-886"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-35520"
      },
      {
        "date": "2017-10-19T00:00:00",
        "db": "VULHUB",
        "id": "VHN-102777"
      },
      {
        "date": "2017-10-18T00:00:00",
        "db": "BID",
        "id": "101524"
      },
      {
        "date": "2017-11-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009474"
      },
      {
        "date": "2017-10-19T08:29:00.343000",
        "db": "NVD",
        "id": "CVE-2017-12271"
      },
      {
        "date": "2017-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-886"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-35520"
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-102777"
      },
      {
        "date": "2017-10-18T00:00:00",
        "db": "BID",
        "id": "101524"
      },
      {
        "date": "2017-11-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009474"
      },
      {
        "date": "2023-06-27T19:04:05.580000",
        "db": "NVD",
        "id": "CVE-2017-12271"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-886"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-886"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco SPA300 and SPA500 Series IP Phones Cross-Site Request Forgery Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-35520"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-886"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-886"
      }
    ],
    "trust": 0.6
  }
}

cve-2019-1683
Vulnerability from cvelistv5
Published
2019-02-25 17:00
Modified
2024-11-21 19:44
Summary
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:28:42.555Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
          },
          {
            "name": "107111",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107111"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-1683",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-21T19:00:23.263210Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-21T19:44:31.986Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Small Business SPA500 Series IP Phones",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.2"
            }
          ]
        },
        {
          "product": "Cisco Small Business SPA112 Series IP Phones",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "1.4.2"
            }
          ]
        },
        {
          "product": "Cisco Small Business SPA525 Series IP Phones",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.2"
            }
          ]
        },
        {
          "product": "Cisco Small Business SPA5X5 Series IP Phones",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "7.6.2"
            }
          ]
        }
      ],
      "datePublic": "2019-02-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-02-26T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
        },
        {
          "name": "107111",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107111"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190220-ipphone-certs",
        "defect": [
          [
            "CSCvm49157",
            "CSCvn17125",
            "CSCvn17128"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-02-20T16:00:00-0800",
          "ID": "CVE-2019-1683",
          "STATE": "PUBLIC",
          "TITLE": "Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Small Business SPA500 Series IP Phones",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.4.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Cisco Small Business SPA112 Series IP Phones",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.4.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Cisco Small Business SPA525 Series IP Phones",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Cisco Small Business SPA5X5 Series IP Phones",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.6.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.5",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-295"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
            },
            {
              "name": "107111",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107111"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190220-ipphone-certs",
          "defect": [
            [
              "CSCvm49157",
              "CSCvn17125",
              "CSCvn17128"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2019-1683",
    "datePublished": "2019-02-25T17:00:00Z",
    "dateReserved": "2018-12-06T00:00:00",
    "dateUpdated": "2024-11-21T19:44:31.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}