cvelistv5 - cve-2012-0333

CVE-2012-0333 (GCVE-0-2012-0333)

Vulnerability from cvelistv5 – Published: 2012-05-02 10:00 – Updated: 2024-08-06 18:23

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://www-europe.cisco.com/en/US/docs/voice_ip_c…	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1027012	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:23:30.915Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
          },
          {
            "name": "1027012",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027012"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-01-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2012-10-30T09:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
        },
        {
          "name": "1027012",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027012"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2012-0333",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf",
              "refsource": "CONFIRM",
              "url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
            },
            {
              "name": "1027012",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027012"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2012-0333",
    "datePublished": "2012-05-02T10:00:00",
    "dateReserved": "2012-01-04T00:00:00",
    "dateUpdated": "2024-08-06T18:23:30.915Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:small_business_ip_phone_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"7.4.9\", \"matchCriteriaId\": \"8CEF7FB2-AA04-4793-84C9-F81A66B7472B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"741E1BF8-B26F-4D31-8116-DB304DF4A43D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77069CBA-79FB-437B-9F32-5511B8079AFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0575BEB0-5200-4B41-B9DB-6EA096DE83BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE775598-05F9-4941-A58B-1B2B1A326C29\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6479487-5C22-4E2B-9B96-24D30F1003EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D8EF6458-3D74-47A1-9F43-5BB2E6338DF1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"930DDF42-0C68-4DD2-A9BC-90154215FB7D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1D28D344-6271-4771-922F-0FE372B38EA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B223DBD-4ACF-42EA-8C65-1F4EDE0FE8AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:small_business_ip_phone:spa525g:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBB7F10E-753A-4203-BEE0-9A51C36323A2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:small_business_ip_phone:spa525g2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1BDE56A-B57E-4B0D-B5D9-416D62B6EB57\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.\"}, {\"lang\": \"es\", \"value\": \"Los tel\\u00e9fonos Cisco Small Business IP con SPA de la serie 500 con el firmware v7.4.9  y anteriores no requieren de autenticaci\\u00f3n para solicitudes de inserci\\u00f3n de XML, lo que permite a atacantes remotos para hacer llamadas telef\\u00f3nicas a trav\\u00e9s de un documento XML, tambi\\u00e9n conocido como Bug ID CSCts08768.\"}]",
      "id": "CVE-2012-0333",
      "lastModified": "2024-11-21T01:34:49.030",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-05-02T10:09:21.847",
      "references": "[{\"url\": \"http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www.securitytracker.com/id?1027012\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1027012\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-0333\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2012-05-02T10:09:21.847\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.\"},{\"lang\":\"es\",\"value\":\"Los tel\u00e9fonos Cisco Small Business IP con SPA de la serie 500 con el firmware v7.4.9  y anteriores no requieren de autenticaci\u00f3n para solicitudes de inserci\u00f3n de XML, lo que permite a atacantes remotos para hacer llamadas telef\u00f3nicas a trav\u00e9s de un documento XML, tambi\u00e9n conocido como Bug ID CSCts08768.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:small_business_ip_phone_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.4.9\",\"matchCriteriaId\":\"8CEF7FB2-AA04-4793-84C9-F81A66B7472B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"741E1BF8-B26F-4D31-8116-DB304DF4A43D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77069CBA-79FB-437B-9F32-5511B8079AFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0575BEB0-5200-4B41-B9DB-6EA096DE83BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE775598-05F9-4941-A58B-1B2B1A326C29\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6479487-5C22-4E2B-9B96-24D30F1003EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8EF6458-3D74-47A1-9F43-5BB2E6338DF1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"930DDF42-0C68-4DD2-A9BC-90154215FB7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D28D344-6271-4771-922F-0FE372B38EA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B223DBD-4ACF-42EA-8C65-1F4EDE0FE8AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:small_business_ip_phone:spa525g:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBB7F10E-753A-4203-BEE0-9A51C36323A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:small_business_ip_phone:spa525g2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1BDE56A-B57E-4B0D-B5D9-416D62B6EB57\"}]}]}],\"references\":[{\"url\":\"http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www.securitytracker.com/id?1027012\",\"source\":\"psirt@cisco.com\"},{\"url\":\"http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1027012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-201205-0216

Vulnerability from variot - Updated: 2023-12-18 13:49

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768. The problem is Bug ID CSCts08768 It is a problem.By a third party XML You may be able to make a call through the document

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201205-0216",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "small business ip phone",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "7.4.8"
      },
      {
        "model": "small business ip phone",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "7.4.7"
      },
      {
        "model": "small business ip phone",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "7.4.6"
      },
      {
        "model": "small business ip phone",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "7.4.5"
      },
      {
        "model": "small business ip phone",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "7.4.4"
      },
      {
        "model": "small business ip phone",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "7.3.5"
      },
      {
        "model": "small business ip phone",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "7.1.7"
      },
      {
        "model": "small business ip phone",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "7.4.3"
      },
      {
        "model": "small business ip phone",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "cisco",
        "version": "7.2.5"
      },
      {
        "model": "small business ip phone",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "cisco",
        "version": "spa525g"
      },
      {
        "model": "small business ip phone",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "cisco",
        "version": "spa525g2"
      },
      {
        "model": "small business ip phone",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "cisco",
        "version": "7.4.9"
      },
      {
        "model": "small business ip phone",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "cisco",
        "version": "7.4.9"
      },
      {
        "model": "small business ip phone spa525g2",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "small business ip phone spa525g",
        "scope": null,
        "trust": 0.3,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002201"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0333"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-047"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.4.9",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.1.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:small_business_ip_phone:spa525g:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:small_business_ip_phone:spa525g2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0333"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "78266"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-0333",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2012-0333",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-53614",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2012-0333",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201205-047",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-53614",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53614"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002201"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0333"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-047"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768. The problem is Bug ID CSCts08768 It is a problem.By a third party XML You may be able to make a call through the document",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-0333"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002201"
      },
      {
        "db": "BID",
        "id": "78266"
      },
      {
        "db": "VULHUB",
        "id": "VHN-53614"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-0333",
        "trust": 2.8
      },
      {
        "db": "SECTRACK",
        "id": "1027012",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002201",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-047",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "78266",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-53614",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53614"
      },
      {
        "db": "BID",
        "id": "78266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002201"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0333"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-047"
      }
    ]
  },
  "id": "VAR-201205-0216",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53614"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:49:10.177000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Release Notes for Cisco Small Business",
        "trust": 0.8,
        "url": "http://www-europe.cisco.com/en/us/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002201"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53614"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002201"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0333"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www-europe.cisco.com/en/us/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
      },
      {
        "trust": 1.4,
        "url": "http://www.securitytracker.com/id?1027012"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0333"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0333"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-53614"
      },
      {
        "db": "BID",
        "id": "78266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002201"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0333"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-047"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-53614"
      },
      {
        "db": "BID",
        "id": "78266"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002201"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-0333"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-047"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-05-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53614"
      },
      {
        "date": "2012-05-02T00:00:00",
        "db": "BID",
        "id": "78266"
      },
      {
        "date": "2012-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002201"
      },
      {
        "date": "2012-05-02T10:09:21.847000",
        "db": "NVD",
        "id": "CVE-2012-0333"
      },
      {
        "date": "2012-05-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201205-047"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-53614"
      },
      {
        "date": "2012-05-02T00:00:00",
        "db": "BID",
        "id": "78266"
      },
      {
        "date": "2012-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-002201"
      },
      {
        "date": "2012-10-30T04:00:10.220000",
        "db": "NVD",
        "id": "CVE-2012-0333"
      },
      {
        "date": "2012-05-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201205-047"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-047"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Small Business IP Phone of  SPA 500 Series firmware vulnerabilities to make phone calls",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-002201"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201205-047"
      }
    ],
    "trust": 0.6
  }
}

GHSA-C544-2MQ8-FPF3

Vulnerability from github – Published: 2022-05-04 00:29 – Updated: 2022-05-04 00:29

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-0333"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-05-02T10:09:00Z",
    "severity": "MODERATE"
  },
  "details": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.",
  "id": "GHSA-c544-2mq8-fpf3",
  "modified": "2022-05-04T00:29:33Z",
  "published": "2022-05-04T00:29:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0333"
    },
    {
      "type": "WEB",
      "url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1027012"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2012-0333

Vulnerability from fkie_nvd - Published: 2012-05-02 10:09 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

	URL	Tags
	psirt@cisco.com	http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf
	psirt@cisco.com	http://www.securitytracker.com/id?1027012
	af854a3a-2127-422b-91ae-364da2661108	http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf
	af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027012

Impacted products

Vendor	Product	Version
cisco	small_business_ip_phone_firmware	*
cisco	small_business_ip_phone_firmware	7.1.7
cisco	small_business_ip_phone_firmware	7.2.5
cisco	small_business_ip_phone_firmware	7.3.5
cisco	small_business_ip_phone_firmware	7.4.3
cisco	small_business_ip_phone_firmware	7.4.4
cisco	small_business_ip_phone_firmware	7.4.5
cisco	small_business_ip_phone_firmware	7.4.6
cisco	small_business_ip_phone_firmware	7.4.7
cisco	small_business_ip_phone_firmware	7.4.8
cisco	small_business_ip_phone	spa525g
cisco	small_business_ip_phone	spa525g2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEF7FB2-AA04-4793-84C9-F81A66B7472B",
              "versionEndIncluding": "7.4.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "741E1BF8-B26F-4D31-8116-DB304DF4A43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "77069CBA-79FB-437B-9F32-5511B8079AFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0575BEB0-5200-4B41-B9DB-6EA096DE83BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE775598-05F9-4941-A58B-1B2B1A326C29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6479487-5C22-4E2B-9B96-24D30F1003EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8EF6458-3D74-47A1-9F43-5BB2E6338DF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "930DDF42-0C68-4DD2-A9BC-90154215FB7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D28D344-6271-4771-922F-0FE372B38EA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B223DBD-4ACF-42EA-8C65-1F4EDE0FE8AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:small_business_ip_phone:spa525g:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBB7F10E-753A-4203-BEE0-9A51C36323A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:small_business_ip_phone:spa525g2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1BDE56A-B57E-4B0D-B5D9-416D62B6EB57",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768."
    },
    {
      "lang": "es",
      "value": "Los tel\u00e9fonos Cisco Small Business IP con SPA de la serie 500 con el firmware v7.4.9  y anteriores no requieren de autenticaci\u00f3n para solicitudes de inserci\u00f3n de XML, lo que permite a atacantes remotos para hacer llamadas telef\u00f3nicas a trav\u00e9s de un documento XML, tambi\u00e9n conocido como Bug ID CSCts08768."
    }
  ],
  "id": "CVE-2012-0333",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-02T10:09:21.847",
  "references": [
    {
      "source": "psirt@cisco.com",
      "url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
    },
    {
      "source": "psirt@cisco.com",
      "url": "http://www.securitytracker.com/id?1027012"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027012"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2012-0333

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-0333

Aliases

CVE-2012-0333

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-0333",
    "description": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.",
    "id": "GSD-2012-0333"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-0333"
      ],
      "details": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.",
      "id": "GSD-2012-0333",
      "modified": "2023-12-13T01:20:14.091981Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2012-0333",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf",
            "refsource": "CONFIRM",
            "url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
          },
          {
            "name": "1027012",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1027012"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.3.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "7.4.9",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.4.8:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.2.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:cisco:small_business_ip_phone_firmware:7.1.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:small_business_ip_phone:spa525g:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:small_business_ip_phone:spa525g2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2012-0333"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www-europe.cisco.com/en/US/docs/voice_ip_comm/csbpipp/ip_phones/release/notes/spa525g_relnote_7_5_1.pdf"
            },
            {
              "name": "1027012",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1027012"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2012-10-30T04:00Z",
      "publishedDate": "2012-05-02T10:09Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-0333 (GCVE-0-2012-0333)

VAR-201205-0216

GHSA-C544-2MQ8-FPF3

FKIE_CVE-2012-0333

GSD-2012-0333

Tags

Sightings

Nomenclature