CVE-2014-3312

The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
ciscospa_301_1_line_ip_phone
*
ciscospa_303_3_line_ip_phone
*
ciscospa_501g_8-line_ip_phone
*
ciscospa_502g_1-line_ip_phone
*
ciscospa_504g_4-line_ip_phone
*
ciscospa_508g_8-line_ip_phone
*
ciscospa_509g_12-line_ip_phone
*
ciscospa_512g_1-line_ip_phone
*
ciscospa_514g_4-line_ip_phone
*
ciscospa_525g_5-line_ip_phone
*
ciscospa_525g2_5-line_ip_phone
*
ciscospa901_1-line_ip_phone
*
ciscospa922_1-line_ip_phone_with_1-port_ethernet
*
ciscospa941_4-line_ip_phone_with_1-port_ethernet
*
ciscospa942_4-line_ip_phone_with_2-port_switch
*
ciscospa962_6-line_ip_phone_with_2-port_switch
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3312
http://www.securityfocus.com/bid/68465
http://www.securitytracker.com/id/1030552
https://exchange.xforce.ibmcloud.com/vulnerabilities/94421
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3312
http://www.securityfocus.com/bid/68465
http://www.securitytracker.com/id/1030552
https://exchange.xforce.ibmcloud.com/vulnerabilities/94421