Search criteria
5 vulnerabilities found for spa500 by cisco
VAR-201512-0410
Vulnerability from variot - Updated: 2023-12-18 13:34The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. Multiple Cisco IP Phones are prone to a local arbitrary file-upload vulnerability. A local attacker may leverage this issue to upload arbitrary files to the affected device. This may aid in further attacks. This issue is tracked by Cisco Bug ID CSCut67400. Cisco Small Business SPA30x, SPA50x and SPA51x are the S series IP telephone products of Cisco (Cisco). The vulnerability is caused by the fact that the program does not correctly verify the integrity of the firmware-image file. The following products are affected: Cisco SPA30X Series IP Phones, SPA50X Series IP Phones, SPA51X Series IP Phones
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0410",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spa500",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.5.7"
},
{
"model": "spa300",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.5.7"
},
{
"model": "small business spa300 series ip phone",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.5.7"
},
{
"model": "small business spa500 series ip phone",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.5.7"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006445"
},
{
"db": "NVD",
"id": "CVE-2015-6403"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-175"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa500_firmware:7.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_501g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_502g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_500ds:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_525g2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_504g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_508g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_509g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_512g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_514g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa300_firmware:7.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_301:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_303:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6403"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "78739"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-175"
}
],
"trust": 0.9
},
"cve": "CVE-2015-6403",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.2,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-6403",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-84364",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-6403",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-175",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-84364",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84364"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006445"
},
{
"db": "NVD",
"id": "CVE-2015-6403"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-175"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by leveraging shell access, aka Bug ID CSCut67400. Multiple Cisco IP Phones are prone to a local arbitrary file-upload vulnerability. \nA local attacker may leverage this issue to upload arbitrary files to the affected device. This may aid in further attacks. \nThis issue is tracked by Cisco Bug ID CSCut67400. Cisco Small Business SPA30x, SPA50x and SPA51x are the S series IP telephone products of Cisco (Cisco). The vulnerability is caused by the fact that the program does not correctly verify the integrity of the firmware-image file. The following products are affected: Cisco SPA30X Series IP Phones, SPA50X Series IP Phones, SPA51X Series IP Phones",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-6403"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006445"
},
{
"db": "BID",
"id": "78739"
},
{
"db": "VULHUB",
"id": "VHN-84364"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-6403",
"trust": 2.8
},
{
"db": "BID",
"id": "78739",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1034376",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006445",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-175",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-84364",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84364"
},
{
"db": "BID",
"id": "78739"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006445"
},
{
"db": "NVD",
"id": "CVE-2015-6403"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-175"
}
]
},
"id": "VAR-201512-0410",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-84364"
}
],
"trust": 0.6982143
},
"last_update_date": "2023-12-18T13:34:27.290000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20151209-ipp",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ipp"
},
{
"title": "Multiple Cisco IP Phones Fixes for product file upload vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59033"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006445"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-175"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84364"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006445"
},
{
"db": "NVD",
"id": "CVE-2015-6403"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/78739"
},
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151209-ipp"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1034376"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6403"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6403"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-84364"
},
{
"db": "BID",
"id": "78739"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006445"
},
{
"db": "NVD",
"id": "CVE-2015-6403"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-175"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-84364"
},
{
"db": "BID",
"id": "78739"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006445"
},
{
"db": "NVD",
"id": "CVE-2015-6403"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-175"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-84364"
},
{
"date": "2015-12-09T00:00:00",
"db": "BID",
"id": "78739"
},
{
"date": "2015-12-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006445"
},
{
"date": "2015-12-15T05:59:04.853000",
"db": "NVD",
"id": "CVE-2015-6403"
},
{
"date": "2015-12-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-175"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-84364"
},
{
"date": "2015-12-09T00:00:00",
"db": "BID",
"id": "78739"
},
{
"date": "2015-12-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006445"
},
{
"date": "2016-12-07T18:20:00.803000",
"db": "NVD",
"id": "CVE-2015-6403"
},
{
"date": "2015-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-175"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "78739"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-175"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Small Business SPA Phone TFTP Implementation of a Trojan image loaded vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006445"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-175"
}
],
"trust": 0.6
}
}
VAR-201503-0173
Vulnerability from variot - Updated: 2023-12-18 13:29The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. Vendors have confirmed this vulnerability Bug ID CSCuo52482 It is released as.Skillfully crafted by a third party XML Depending on the request, the audio stream data may be read or an outgoing call may be initiated. Cisco Small Business IP phones SPA 300 and SPA 500 are Cisco 300 and SPA 500 series IP telephony products from Cisco. The program failed to set the authentication correctly. An attacker can exploit this issue to gain unauthorized access to the affected devices. This may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCuo52482
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201503-0173",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spa300",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "spa500",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "spa 502g 1-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 508g 8-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 525g 5-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 302d",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 301 1 line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 525g2 5-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 509g 12-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 302dkit",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 514g 4-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 504g 4-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 303 3 line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 501g 8-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "spa 512g 1-line ip phone",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "*"
},
{
"model": "small business spa300 series ip phone",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "small business spa500 series ip phone",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "spa 301 1-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 302d multi-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 302dkit ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 303 3-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 501g 8-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 502g 1-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 504g 4-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 508g 8-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 509g 12-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 512g 1-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 514g 4-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 525g 5-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 525g2 5-line ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "small business ip phones spa",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "3007.5.5"
},
{
"model": "small business ip phones spa",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "5007.5.5"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01923"
},
{
"db": "BID",
"id": "73248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001900"
},
{
"db": "NVD",
"id": "CVE-2015-0670"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-416"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa500_firmware:7.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_508g_8-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_525g_5-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_514g_4-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_512g_1-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_509g_12-line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa300_firmware:7.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_302dkit:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_303_3_line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_302d:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa_301_1_line_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0670"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "73248"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0670",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-0670",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-01923",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-78616",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0670",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-01923",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201503-416",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78616",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01923"
},
{
"db": "VULHUB",
"id": "VHN-78616"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001900"
},
{
"db": "NVD",
"id": "CVE-2015-0670"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-416"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or originate telephone calls via a crafted XML request, aka Bug ID CSCuo52482. Vendors have confirmed this vulnerability Bug ID CSCuo52482 It is released as.Skillfully crafted by a third party XML Depending on the request, the audio stream data may be read or an outgoing call may be initiated. Cisco Small Business IP phones SPA 300 and SPA 500 are Cisco 300 and SPA 500 series IP telephony products from Cisco. The program failed to set the authentication correctly. \nAn attacker can exploit this issue to gain unauthorized access to the affected devices. This may aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCuo52482",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0670"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001900"
},
{
"db": "CNVD",
"id": "CNVD-2015-01923"
},
{
"db": "BID",
"id": "73248"
},
{
"db": "VULHUB",
"id": "VHN-78616"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0670",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1031969",
"trust": 1.1
},
{
"db": "BID",
"id": "73248",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001900",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201503-416",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-01923",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-78616",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01923"
},
{
"db": "VULHUB",
"id": "VHN-78616"
},
{
"db": "BID",
"id": "73248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001900"
},
{
"db": "NVD",
"id": "CVE-2015-0670"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-416"
}
]
},
"id": "VAR-201503-0173",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01923"
},
{
"db": "VULHUB",
"id": "VHN-78616"
}
],
"trust": 1.3725045825
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01923"
}
]
},
"last_update_date": "2023-12-18T13:29:37.752000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "37946",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37946"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001900"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78616"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001900"
},
{
"db": "NVD",
"id": "CVE-2015-0670"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37946"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1031969"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0670"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0670"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-01923"
},
{
"db": "VULHUB",
"id": "VHN-78616"
},
{
"db": "BID",
"id": "73248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001900"
},
{
"db": "NVD",
"id": "CVE-2015-0670"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-416"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-01923"
},
{
"db": "VULHUB",
"id": "VHN-78616"
},
{
"db": "BID",
"id": "73248"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001900"
},
{
"db": "NVD",
"id": "CVE-2015-0670"
},
{
"db": "CNNVD",
"id": "CNNVD-201503-416"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01923"
},
{
"date": "2015-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-78616"
},
{
"date": "2015-03-19T00:00:00",
"db": "BID",
"id": "73248"
},
{
"date": "2015-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001900"
},
{
"date": "2015-03-21T01:59:01.560000",
"db": "NVD",
"id": "CVE-2015-0670"
},
{
"date": "2015-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-416"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-03-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-01923"
},
{
"date": "2015-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-78616"
},
{
"date": "2015-03-19T00:00:00",
"db": "BID",
"id": "73248"
},
{
"date": "2015-03-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001900"
},
{
"date": "2015-10-22T14:40:06.637000",
"db": "NVD",
"id": "CVE-2015-0670"
},
{
"date": "2015-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201503-416"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-416"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Small Business IP phone of SPA300 and SPA500 Vulnerability to read audio stream data in the default settings of the series",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001900"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201503-416"
}
],
"trust": 0.6
}
}
VAR-201902-0450
Vulnerability from variot - Updated: 2023-12-18 13:08A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones. CiscoSPA112Series and other products are products of Cisco. A certificate validation component exists in the certificate processing component of CiscoSPA112, SPA525, and SPA5X5Series. (TLS) Encrypted Session Initiation Protocol (SIP) call. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. This issue is being tracked by Cisco Bug ID CSCvm49157, CSCvn17125, CSCvn17128
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0450",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spa525",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "spa501g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "spa112",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "spa504g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "spa500",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "spa514g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "spa500s",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "spa500ds",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "spa508g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "spa5x5",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "spa525g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "spa502g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "spa512g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "spa509g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "small business spa500 series ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 112",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 500ds",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 500s",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 501g",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 502g",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 504g",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 508g",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 525",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa 5x5",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa5x5 series",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "spa112",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "spa525",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business voice gateways and atas",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.4.2"
},
{
"model": "small business spa500 series ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "small business ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04936"
},
{
"db": "BID",
"id": "107111"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002108"
},
{
"db": "NVD",
"id": "CVE-2019-1683"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa112_firmware:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa112:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa525_firmware:7.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa525:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa5x5_firmware:7.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa5x5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa500_firmware:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa500s_firmware:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa500s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa500ds_firmware:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa500ds:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa501g_firmware:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa501g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa502g_firmware:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa502g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa504g_firmware:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa504g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa508g_firmware:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa508g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa509g_firmware:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa509g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa512g_firmware:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa512g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa514g_firmware:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa514g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa525g_firmware:1.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa525g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1683"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco would like to thank Jan Dubov? for reporting this vulnerability.,Cisco ?? ??,Jan Dubov??",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-801"
}
],
"trust": 0.6
},
"cve": "CVE-2019-1683",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-1683",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "CNVD-2019-04936",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-149015",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-1683",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-1683",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2019-1683",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-04936",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-801",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-149015",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04936"
},
{
"db": "VULHUB",
"id": "VHN-149015"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002108"
},
{
"db": "NVD",
"id": "CVE-2019-1683"
},
{
"db": "NVD",
"id": "CVE-2019-1683"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-801"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones. CiscoSPA112Series and other products are products of Cisco. A certificate validation component exists in the certificate processing component of CiscoSPA112, SPA525, and SPA5X5Series. (TLS) Encrypted Session Initiation Protocol (SIP) call. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. \nThis issue is being tracked by Cisco Bug ID CSCvm49157, CSCvn17125, CSCvn17128",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-1683"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002108"
},
{
"db": "CNVD",
"id": "CNVD-2019-04936"
},
{
"db": "BID",
"id": "107111"
},
{
"db": "VULHUB",
"id": "VHN-149015"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-1683",
"trust": 3.4
},
{
"db": "BID",
"id": "107111",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002108",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-801",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-04936",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "42804",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0538",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-149015",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04936"
},
{
"db": "VULHUB",
"id": "VHN-149015"
},
{
"db": "BID",
"id": "107111"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002108"
},
{
"db": "NVD",
"id": "CVE-2019-1683"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-801"
}
]
},
"id": "VAR-201902-0450",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04936"
},
{
"db": "VULHUB",
"id": "VHN-149015"
}
],
"trust": 1.4738095333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04936"
}
]
},
"last_update_date": "2023-12-18T13:08:12.447000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20190220-ipphone-certs",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-ipphone-certs"
},
{
"title": "Patch for CiscoSPA112, SPA525, and SPA5X5Series Certificate Validation Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/154139"
},
{
"title": "Cisco SPA112 , SPA525 and SPA5X5 Series Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=89595"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04936"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002108"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-801"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-295",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-149015"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002108"
},
{
"db": "NVD",
"id": "CVE-2019-1683"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-ipphone-certs"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/107111"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-1683"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1683"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/75898"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/42804"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-ip-phone-spax-privilege-escalation-via-certificate-validation-28574"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-04936"
},
{
"db": "VULHUB",
"id": "VHN-149015"
},
{
"db": "BID",
"id": "107111"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002108"
},
{
"db": "NVD",
"id": "CVE-2019-1683"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-801"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-04936"
},
{
"db": "VULHUB",
"id": "VHN-149015"
},
{
"db": "BID",
"id": "107111"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002108"
},
{
"db": "NVD",
"id": "CVE-2019-1683"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-801"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-04936"
},
{
"date": "2019-02-25T00:00:00",
"db": "VULHUB",
"id": "VHN-149015"
},
{
"date": "2019-02-20T00:00:00",
"db": "BID",
"id": "107111"
},
{
"date": "2019-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002108"
},
{
"date": "2019-02-25T17:29:00.280000",
"db": "NVD",
"id": "CVE-2019-1683"
},
{
"date": "2019-02-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-801"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-04936"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-149015"
},
{
"date": "2019-02-20T00:00:00",
"db": "BID",
"id": "107111"
},
{
"date": "2019-04-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002108"
},
{
"date": "2023-03-23T17:34:03.533000",
"db": "NVD",
"id": "CVE-2019-1683"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-801"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-801"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco SPA Vulnerability related to certificate validation in series products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002108"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-801"
}
],
"trust": 0.6
}
}
VAR-201609-0384
Vulnerability from variot - Updated: 2023-12-18 12:37The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. CiscoSmallBusinessSPA300 and so on are Cisco's S-series IP telephony products. A denial of service vulnerability exists in CiscoSmallBusinessSPA300Series/SPA500Series and SPA51xIPPhones. An attacker could exploit the vulnerability to cause a denial of service. Cisco Small Business SPA300 and SPA500 Series IP Phones are prone to a remote denial-of-service vulnerability. This issue is being tracked by Cisco Bug ID CSCut67385. Cisco SPA300 and so on are the S series IP telephone products of Cisco (Cisco). HTTP framework is one of the HTTP frameworks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0384",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spa500",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.7\\(6\\)"
},
{
"model": "spa300",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.7\\(6\\)"
},
{
"model": "small business spa300 series ip phone",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "7.5.7(6)"
},
{
"model": "small business spa500 series ip phone",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "7.5.7(6)"
},
{
"model": "spa51x ip phones",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business spa500 series",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "small business spa300 series",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "spa500 series ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.5.7\\(6\\)"
},
{
"model": "spa300 series ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.5.7\\(6\\)"
},
{
"model": "small business spa51x ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.7(6)"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.4"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.3"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.1"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.4.8"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.4.7"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.4.6"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.4.4"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.4.3"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.7"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3.5"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2.5"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.7"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1.3"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.7(6)"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "small business spa500 series ip phones 7.5.2b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5"
},
{
"model": "small business spa500 series ip phones 7.4.9c",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "small business spa500 series ip phones 7.4.9a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "small business spa500 series ip phones 7.4.8a",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.4"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.3"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.2"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.1"
},
{
"model": "small business spa300 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "small business spa300 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.4"
},
{
"model": "small business spa300 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.3"
},
{
"model": "small business spa300 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.1"
},
{
"model": "small business spa300 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.7(6)"
},
{
"model": "small business spa300 series ip phones 7.5.2b",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "small business spa51x ip phones",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "small business spa500 series ip phones",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6.2"
},
{
"model": "small business spa300 series ip phones",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "7.6.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07073"
},
{
"db": "BID",
"id": "92706"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004631"
},
{
"db": "NVD",
"id": "CVE-2016-1469"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-541"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.5.7\\(6\\)",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.5.7\\(6\\)",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa300_series_ip_phone:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa500_series_ip_phone:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1469"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Watts",
"sources": [
{
"db": "BID",
"id": "92706"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-541"
}
],
"trust": 0.9
},
"cve": "CVE-2016-1469",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-1469",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-07073",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-90288",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2016-1469",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1469",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-07073",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-541",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-90288",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07073"
},
{
"db": "VULHUB",
"id": "VHN-90288"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004631"
},
{
"db": "NVD",
"id": "CVE-2016-1469"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-541"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. CiscoSmallBusinessSPA300 and so on are Cisco\u0027s S-series IP telephony products. A denial of service vulnerability exists in CiscoSmallBusinessSPA300Series/SPA500Series and SPA51xIPPhones. An attacker could exploit the vulnerability to cause a denial of service. Cisco Small Business SPA300 and SPA500 Series IP Phones are prone to a remote denial-of-service vulnerability. \nThis issue is being tracked by Cisco Bug ID CSCut67385. Cisco SPA300 and so on are the S series IP telephone products of Cisco (Cisco). HTTP framework is one of the HTTP frameworks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1469"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004631"
},
{
"db": "CNVD",
"id": "CNVD-2016-07073"
},
{
"db": "BID",
"id": "92706"
},
{
"db": "VULHUB",
"id": "VHN-90288"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1469",
"trust": 3.4
},
{
"db": "BID",
"id": "92706",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1036717",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004631",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201608-541",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-07073",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-90288",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07073"
},
{
"db": "VULHUB",
"id": "VHN-90288"
},
{
"db": "BID",
"id": "92706"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004631"
},
{
"db": "NVD",
"id": "CVE-2016-1469"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-541"
}
]
},
"id": "VAR-201609-0384",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07073"
},
{
"db": "VULHUB",
"id": "VHN-90288"
}
],
"trust": 1.2122252766666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07073"
}
]
},
"last_update_date": "2023-12-18T12:37:45.548000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20160831-spa",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-spa"
},
{
"title": "Patch for CiscoSmallBusinessSPA300Series/SPA500Series and SPA51xIPPhones Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/81030"
},
{
"title": "Cisco Small Business SPA300 Series , SPA500 Series and SPA51x IP Phones Remediation measures for denial of service vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=63838"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07073"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004631"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-541"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90288"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004631"
},
{
"db": "NVD",
"id": "CVE-2016-1469"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/92706"
},
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160831-spa"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1036717"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1469"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1469"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-07073"
},
{
"db": "VULHUB",
"id": "VHN-90288"
},
{
"db": "BID",
"id": "92706"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004631"
},
{
"db": "NVD",
"id": "CVE-2016-1469"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-541"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-07073"
},
{
"db": "VULHUB",
"id": "VHN-90288"
},
{
"db": "BID",
"id": "92706"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-004631"
},
{
"db": "NVD",
"id": "CVE-2016-1469"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-541"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07073"
},
{
"date": "2016-09-12T00:00:00",
"db": "VULHUB",
"id": "VHN-90288"
},
{
"date": "2016-08-31T00:00:00",
"db": "BID",
"id": "92706"
},
{
"date": "2016-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004631"
},
{
"date": "2016-09-12T01:59:00.130000",
"db": "NVD",
"id": "CVE-2016-1469"
},
{
"date": "2016-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-541"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-07073"
},
{
"date": "2017-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-90288"
},
{
"date": "2016-08-31T00:00:00",
"db": "BID",
"id": "92706"
},
{
"date": "2016-09-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-004631"
},
{
"date": "2023-06-27T19:04:12.417000",
"db": "NVD",
"id": "CVE-2016-1469"
},
{
"date": "2023-06-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-541"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-541"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco SPA Device HTTP Service operation interruption in the framework (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-004631"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-541"
}
],
"trust": 0.6
}
}
VAR-201710-0649
Vulnerability from variot - Updated: 2023-12-18 12:29A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308. Vendors have confirmed this vulnerability Bug ID CSCuz88421 , CSCuz91356 ,and CSCve56308 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0649",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "spa300",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "spa500",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "small business ip phone",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "spa500 series ip phones",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "spa300 series ip phones",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "spa300 series ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "spa500 series ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "spa300 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "0"
},
{
"model": "small business spa500 series ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "small business ip phones",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "7.5.5"
},
{
"model": "small business spa500 series ip phones 7.6 sr3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "small business ip phones 7.6 sr3",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35520"
},
{
"db": "BID",
"id": "101524"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009474"
},
{
"db": "NVD",
"id": "CVE-2017-12271"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-886"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:spa300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.5.5",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:spa500_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.5.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:spa300_series_ip_phone:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:cisco:spa500_series_ip_phone:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12271"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Watts of Tech Analysis.",
"sources": [
{
"db": "BID",
"id": "101524"
}
],
"trust": 0.3
},
"cve": "CVE-2017-12271",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12271",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-35520",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-102777",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12271",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12271",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-35520",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-886",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-102777",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35520"
},
{
"db": "VULHUB",
"id": "VHN-102777"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009474"
},
{
"db": "NVD",
"id": "CVE-2017-12271"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-886"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action. Cisco Bug IDs: CSCuz88421, CSCuz91356, CSCve56308. Vendors have confirmed this vulnerability Bug ID CSCuz88421 , CSCuz91356 ,and CSCve56308 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12271"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009474"
},
{
"db": "CNVD",
"id": "CNVD-2017-35520"
},
{
"db": "BID",
"id": "101524"
},
{
"db": "VULHUB",
"id": "VHN-102777"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12271",
"trust": 3.4
},
{
"db": "BID",
"id": "101524",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1039621",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009474",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-886",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-35520",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-102777",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35520"
},
{
"db": "VULHUB",
"id": "VHN-102777"
},
{
"db": "BID",
"id": "101524"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009474"
},
{
"db": "NVD",
"id": "CVE-2017-12271"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-886"
}
]
},
"id": "VAR-201710-0649",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35520"
},
{
"db": "VULHUB",
"id": "VHN-102777"
}
],
"trust": 1.092628195
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35520"
}
]
},
"last_update_date": "2023-12-18T12:29:22.159000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-20171018-spa",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-spa"
},
{
"title": "Patch for CiscoSPA300 and SPA500SeriesIPPhones Cross-Site Request Forgery Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/106677"
},
{
"title": "Cisco SPA300 and SPA500 Series IP Phones Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=75868"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35520"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009474"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-886"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-102777"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009474"
},
{
"db": "NVD",
"id": "CVE-2017-12271"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20171018-spa"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/101524"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039621"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12271"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12271"
},
{
"trust": 0.3,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35520"
},
{
"db": "VULHUB",
"id": "VHN-102777"
},
{
"db": "BID",
"id": "101524"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009474"
},
{
"db": "NVD",
"id": "CVE-2017-12271"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-886"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-35520"
},
{
"db": "VULHUB",
"id": "VHN-102777"
},
{
"db": "BID",
"id": "101524"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-009474"
},
{
"db": "NVD",
"id": "CVE-2017-12271"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-886"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35520"
},
{
"date": "2017-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-102777"
},
{
"date": "2017-10-18T00:00:00",
"db": "BID",
"id": "101524"
},
{
"date": "2017-11-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009474"
},
{
"date": "2017-10-19T08:29:00.343000",
"db": "NVD",
"id": "CVE-2017-12271"
},
{
"date": "2017-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-886"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-35520"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-102777"
},
{
"date": "2017-10-18T00:00:00",
"db": "BID",
"id": "101524"
},
{
"date": "2017-11-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-009474"
},
{
"date": "2023-06-27T19:04:05.580000",
"db": "NVD",
"id": "CVE-2017-12271"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-886"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-886"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco SPA300 and SPA500 Series IP Phones Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-35520"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-886"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-886"
}
],
"trust": 0.6
}
}