Cisco Small Business SPA300 and SPA500 Series IP Phones Cross-site Scripting (CVE-2014-3313)

medium Tenable OT Security Plugin ID 502735

Synopsis

The remote OT asset is affected by a vulnerability.

Description

Cross-site scripting (XSS) vulnerability in the web user interface on Cisco Small Business SPA300 and SPA500 phones allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuo52582.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

Solution

Refer to the vendor advisory.

Plugin Details

Severity: Medium

ID: 502735

Version: 1.2

Type: remote

Family: Tenable.ot

Published: 12/4/2024

Updated: 12/5/2024

Supported Sensors: Tenable OT Security

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2014-3313

Vulnerability Information

CPE: cpe:/h:cisco:spa_502g_1-line_ip_phone, cpe:/h:cisco:spa_514g_4-line_ip_phone, cpe:/h:cisco:spa962_6-line_ip_phone_with_2-port_switch, cpe:/h:cisco:spa_301_1_line_ip_phone, cpe:/h:cisco:spa_512g_1-line_ip_phone, cpe:/h:cisco:spa_525g_5-line_ip_phone, cpe:/h:cisco:spa_508g_8-line_ip_phone, cpe:/h:cisco:spa_509g_12-line_ip_phone, cpe:/h:cisco:spa942_4-line_ip_phone_with_2-port_switch, cpe:/h:cisco:spa_525g2_5-line_ip_phone, cpe:/h:cisco:spa_303_3_line_ip_phone, cpe:/h:cisco:spa901_1-line_ip_phone, cpe:/h:cisco:spa_504g_4-line_ip_phone, cpe:/h:cisco:spa922_1-line_ip_phone_with_1-port_ethernet, cpe:/h:cisco:spa941_4-line_ip_phone_with_1-port_ethernet, cpe:/h:cisco:spa_501g_8-line_ip_phone

Required KB Items: Tenable.ot/Cisco

Exploit Ease: No known exploits are available

Patch Publication Date: 7/9/2014

Vulnerability Publication Date: 7/9/2014

Reference Information

CVE: CVE-2014-3313

CWE: 79

Detections

Analytics