Cisco: >> Spa962 6-Line Ip Phone With 2-Port Switch Security Vulnerabilities
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
CVSS Score
6.9
EPSS Score
0.001
Published
2014-07-09
Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.
CVSS Score
4.3
EPSS Score
0.005
Published
2014-07-09