Cisco Small Business IP Improper Authentication (CVE-2012-0333)

Severity: Medium. Tenable OT Security Plugin ID: 502727

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

See Also

http://www.nessus.org/u?7f3e4dcb

http://www.securitytracker.com/id?1027012

Plugin Details

Severity: Medium

ID: 502727

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 12/4/2024

Updated: 12/5/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2012-0333

Vulnerability Information

CPE: cpe:/h:cisco:small_business_ip_phone:spa525g2, cpe:/h:cisco:small_business_ip_phone:spa525g

Required KB Items: Tenable.ot/Cisco

Exploit Ease: No known exploits are available

Patch Publication Date: 5/2/2012

Vulnerability Publication Date: 5/2/2012

Reference Information

CVE: CVE-2012-0333

CWE: 287