CVE-2014-3312 - Vulnerability Details

The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Spa901 1-line Ip Phone Spa922 1-line Ip Phone With 1-port Ethernet Spa941 4-line Ip Phone With 1-port Ethernet Spa942 4-line Ip Phone With 2-port Switch Spa962 6-line Ip Phone With 2-port Switch Spa 301 1 Line Ip Phone Spa 303 3 Line Ip Phone Spa 501g 8-line Ip Phone Spa 502g 1-line Ip Phone Spa 504g 4-line Ip Phone Spa 508g 8-line Ip Phone Spa 509g 12-line Ip Phone Spa 512g 1-line Ip Phone Spa 514g 4-line Ip Phone Spa 525g2 5-line Ip Phone Spa 525g 5-line Ip Phone

Configuration 1 [-]

OR	cpe:2.3:h:cisco:spa_301_1_line_ip_phone::::::::
	cpe:2.3:h:cisco:spa_303_3_line_ip_phone::::::::
	cpe:2.3:h:cisco:spa_501g_8-line_ip_phone::::::::
	cpe:2.3:h:cisco:spa_502g_1-line_ip_phone::::::::
	cpe:2.3:h:cisco:spa_504g_4-line_ip_phone::::::::
	cpe:2.3:h:cisco:spa_508g_8-line_ip_phone::::::::
	cpe:2.3:h:cisco:spa_509g_12-line_ip_phone::::::::
	cpe:2.3:h:cisco:spa_512g_1-line_ip_phone::::::::
	cpe:2.3:h:cisco:spa_514g_4-line_ip_phone::::::::
	cpe:2.3:h:cisco:spa_525g_5-line_ip_phone::::::::
	cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone::::::::
	cpe:2.3:h:cisco:spa901_1-line_ip_phone::::::::
	cpe:2.3:h:cisco:spa922_1-line_ip_phone_with_1-port_ethernet::::::::
	cpe:2.3:h:cisco:spa941_4-line_ip_phone_with_1-port_ethernet::::::::
	cpe:2.3:h:cisco:spa942_4-line_ip_phone_with_2-port_switch::::::::
	cpe:2.3:h:cisco:spa962_6-line_ip_phone_with_2-port_switch::::::::

No data.

References

Link	Providers
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3312
http://www.securityfocus.com/bid/68465
http://www.securitytracker.com/id/1030552
https://exchange.xforce.ibmcloud.com/vulnerabilities/94421

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2014-07-09T10:00:00

Updated: 2024-08-06T10:43:05.119Z

Reserved: 2014-05-07T00:00:00

Link: CVE-2014-3312

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-07-09T11:07:01.493

Modified: 2024-11-21T02:07:50.677

Link: CVE-2014-3312

Redhat

No data.

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object