Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for spa508g_firmware by cisco

    CVE-2023-20218 (GCVE-0-2023-20218)

    Vulnerability from nvd – Published: 2023-08-03 21:20 – Updated: 2024-10-17 14:59
    VLAI
    Summary
    A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. {{value}} ["%7b%7bvalue%7d%7d"])}]]
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business IP Phones Affected: 7.6.0
    Affected: 7.6.2
    Affected: 7.6.2SR3
    Affected: 7.6.2SR6
    Affected: 7.6.2SR2
    Affected: 7.6.2SR4
    Affected: 7.6.2SR1
    Affected: 7.6.2SR5
    Affected: 7.6.2SR7
    Affected: 7.6.1
    Affected: 7.3.7
    Affected: 7.5.5
    Affected: 7.5.6(XU)
    Affected: 7.5.2
    Affected: 7.5.2a
    Affected: 7.5.7
    Affected: 7.5.3
    Affected: 7.5.6
    Affected: 7.5.2b
    Affected: 7.5.6c
    Affected: 7.5.6a
    Affected: 7.5.7s
    Affected: 7.5.1
    Affected: 7.5.5a
    Affected: 7.5.5b
    Affected: 7.5.4
    Affected: 7.4.7
    Affected: 7.4.4
    Affected: 7.4.8
    Affected: 7.4.3
    Affected: 7.4.9
    Affected: 7.4.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.868Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-spa-web-multi-7kvPmu2F",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20218",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:58:32.797326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:59:14.948Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "status": "affected",
                  "version": "7.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR3"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR6"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR1"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR5"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR7"
                },
                {
                  "status": "affected",
                  "version": "7.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.6(XU)"
                },
                {
                  "status": "affected",
                  "version": "7.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.2a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.2b"
                },
                {
                  "status": "affected",
                  "version": "7.5.6c"
                },
                {
                  "status": "affected",
                  "version": "7.5.6a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7s"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.5a"
                },
                {
                  "status": "affected",
                  "version": "7.5.5b"
                },
                {
                  "status": "affected",
                  "version": "7.5.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.7"
                },
                {
                  "status": "affected",
                  "version": "7.4.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.8"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.9"
                },
                {
                  "status": "affected",
                  "version": "7.4.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user\u0027s browser.\r\n\r This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.\r\n\r Cisco will not release software updates that address this vulnerability.  \r\n\r  {{value}} [\"%7b%7bvalue%7d%7d\"])}]]"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:22.717Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-spa-web-multi-7kvPmu2F",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
            }
          ],
          "source": {
            "advisory": "cisco-sa-spa-web-multi-7kvPmu2F",
            "defects": [
              "CSCwf82071"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20218",
        "datePublished": "2023-08-03T21:20:29.588Z",
        "dateReserved": "2022-10-27T18:47:50.368Z",
        "dateUpdated": "2024-10-17T14:59:14.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20181 (GCVE-0-2023-20181)

    Vulnerability from nvd – Published: 2023-08-03 21:22 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business IP Phones Affected: 7.6.0
    Affected: 7.6.2
    Affected: 7.6.2SR3
    Affected: 7.6.2SR6
    Affected: 7.6.2SR2
    Affected: 7.6.2SR4
    Affected: 7.6.2SR1
    Affected: 7.6.2SR5
    Affected: 7.6.2SR7
    Affected: 7.6.1
    Affected: 7.3.7
    Affected: 7.5.5
    Affected: 7.5.6(XU)
    Affected: 7.5.2
    Affected: 7.5.2a
    Affected: 7.5.7
    Affected: 7.5.3
    Affected: 7.5.6
    Affected: 7.5.2b
    Affected: 7.5.6c
    Affected: 7.5.6a
    Affected: 7.5.7s
    Affected: 7.5.1
    Affected: 7.5.5a
    Affected: 7.5.5b
    Affected: 7.5.4
    Affected: 7.4.7
    Affected: 7.4.4
    Affected: 7.4.8
    Affected: 7.4.3
    Affected: 7.4.9
    Affected: 7.4.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.968Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-spa-web-multi-7kvPmu2F",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "status": "affected",
                  "version": "7.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR3"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR6"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR1"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR5"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR7"
                },
                {
                  "status": "affected",
                  "version": "7.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.6(XU)"
                },
                {
                  "status": "affected",
                  "version": "7.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.2a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.2b"
                },
                {
                  "status": "affected",
                  "version": "7.5.6c"
                },
                {
                  "status": "affected",
                  "version": "7.5.6a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7s"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.5a"
                },
                {
                  "status": "affected",
                  "version": "7.5.5b"
                },
                {
                  "status": "affected",
                  "version": "7.5.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.7"
                },
                {
                  "status": "affected",
                  "version": "7.4.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.8"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.9"
                },
                {
                  "status": "affected",
                  "version": "7.4.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:51.566Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-spa-web-multi-7kvPmu2F",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
            }
          ],
          "source": {
            "advisory": "cisco-sa-spa-web-multi-7kvPmu2F",
            "defects": [
              "CSCwf04956"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20181",
        "datePublished": "2023-08-03T21:22:47.480Z",
        "dateReserved": "2022-10-27T18:47:50.364Z",
        "dateUpdated": "2024-08-02T09:05:36.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1923 (GCVE-0-2019-1923)

    Vulnerability from nvd – Published: 2019-07-17 20:25 – Updated: 2024-11-20 17:15
    VLAI
    Title
    Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability
    Summary
    A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device's physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/109294 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Cisco Cisco SPA525G2 5-line IP Phone Affected: unspecified , < 7.6.2SR5 (custom)
    Create a notification for this product.
    Date Public
    2019-07-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:35:51.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190717 Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-spa500-command"
              },
              {
                "name": "109294",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109294"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T16:53:45.385834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T17:15:15.438Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco SPA525G2 5-line IP Phone",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "7.6.2SR5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device\u0027s physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-19T09:06:06.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20190717 Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-spa500-command"
            },
            {
              "name": "109294",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109294"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190717-spa500-command",
            "defect": [
              [
                "CSCvp40762",
                "CSCvp40765"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-07-17T16:00:00-0700",
              "ID": "CVE-2019-1923",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco SPA525G2 5-line IP Phone",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.6.2SR5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device\u0027s physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.6",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-77"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190717 Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-spa500-command"
                },
                {
                  "name": "109294",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109294"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190717-spa500-command",
              "defect": [
                [
                  "CSCvp40762",
                  "CSCvp40765"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1923",
        "datePublished": "2019-07-17T20:25:33.670Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-20T17:15:15.438Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1683 (GCVE-0-2019-1683)

    Vulnerability from nvd – Published: 2019-02-25 17:00 – Updated: 2024-11-21 19:44
    VLAI
    Title
    Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability
    Summary
    A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/107111 vdb-entryx_refsource_BID
    Date Public
    2019-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:28:42.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
              },
              {
                "name": "107111",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107111"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1683",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T19:00:23.263210Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:44:31.986Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business SPA500 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.4.2"
                }
              ]
            },
            {
              "product": "Cisco Small Business SPA112 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.4.2"
                }
              ]
            },
            {
              "product": "Cisco Small Business SPA525 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.2"
                }
              ]
            },
            {
              "product": "Cisco Small Business SPA5X5 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.2"
                }
              ]
            }
          ],
          "datePublic": "2019-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-26T10:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
            },
            {
              "name": "107111",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107111"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190220-ipphone-certs",
            "defect": [
              [
                "CSCvm49157",
                "CSCvn17125",
                "CSCvn17128"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-02-20T16:00:00-0800",
              "ID": "CVE-2019-1683",
              "STATE": "PUBLIC",
              "TITLE": "Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Small Business SPA500 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.4.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cisco Small Business SPA112 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.4.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cisco Small Business SPA525 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.6.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cisco Small Business SPA5X5 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-295"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
                },
                {
                  "name": "107111",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107111"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190220-ipphone-certs",
              "defect": [
                [
                  "CSCvm49157",
                  "CSCvn17125",
                  "CSCvn17128"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1683",
        "datePublished": "2019-02-25T17:00:00.000Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:44:31.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20181 (GCVE-0-2023-20181)

    Vulnerability from cvelistv5 – Published: 2023-08-03 21:22 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business IP Phones Affected: 7.6.0
    Affected: 7.6.2
    Affected: 7.6.2SR3
    Affected: 7.6.2SR6
    Affected: 7.6.2SR2
    Affected: 7.6.2SR4
    Affected: 7.6.2SR1
    Affected: 7.6.2SR5
    Affected: 7.6.2SR7
    Affected: 7.6.1
    Affected: 7.3.7
    Affected: 7.5.5
    Affected: 7.5.6(XU)
    Affected: 7.5.2
    Affected: 7.5.2a
    Affected: 7.5.7
    Affected: 7.5.3
    Affected: 7.5.6
    Affected: 7.5.2b
    Affected: 7.5.6c
    Affected: 7.5.6a
    Affected: 7.5.7s
    Affected: 7.5.1
    Affected: 7.5.5a
    Affected: 7.5.5b
    Affected: 7.5.4
    Affected: 7.4.7
    Affected: 7.4.4
    Affected: 7.4.8
    Affected: 7.4.3
    Affected: 7.4.9
    Affected: 7.4.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.968Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-spa-web-multi-7kvPmu2F",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "status": "affected",
                  "version": "7.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR3"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR6"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR1"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR5"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR7"
                },
                {
                  "status": "affected",
                  "version": "7.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.6(XU)"
                },
                {
                  "status": "affected",
                  "version": "7.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.2a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.2b"
                },
                {
                  "status": "affected",
                  "version": "7.5.6c"
                },
                {
                  "status": "affected",
                  "version": "7.5.6a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7s"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.5a"
                },
                {
                  "status": "affected",
                  "version": "7.5.5b"
                },
                {
                  "status": "affected",
                  "version": "7.5.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.7"
                },
                {
                  "status": "affected",
                  "version": "7.4.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.8"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.9"
                },
                {
                  "status": "affected",
                  "version": "7.4.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:51.566Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-spa-web-multi-7kvPmu2F",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
            }
          ],
          "source": {
            "advisory": "cisco-sa-spa-web-multi-7kvPmu2F",
            "defects": [
              "CSCwf04956"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20181",
        "datePublished": "2023-08-03T21:22:47.480Z",
        "dateReserved": "2022-10-27T18:47:50.364Z",
        "dateUpdated": "2024-08-02T09:05:36.968Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20218 (GCVE-0-2023-20218)

    Vulnerability from cvelistv5 – Published: 2023-08-03 21:20 – Updated: 2024-10-17 14:59
    VLAI
    Summary
    A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability. {{value}} ["%7b%7bvalue%7d%7d"])}]]
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Small Business IP Phones Affected: 7.6.0
    Affected: 7.6.2
    Affected: 7.6.2SR3
    Affected: 7.6.2SR6
    Affected: 7.6.2SR2
    Affected: 7.6.2SR4
    Affected: 7.6.2SR1
    Affected: 7.6.2SR5
    Affected: 7.6.2SR7
    Affected: 7.6.1
    Affected: 7.3.7
    Affected: 7.5.5
    Affected: 7.5.6(XU)
    Affected: 7.5.2
    Affected: 7.5.2a
    Affected: 7.5.7
    Affected: 7.5.3
    Affected: 7.5.6
    Affected: 7.5.2b
    Affected: 7.5.6c
    Affected: 7.5.6a
    Affected: 7.5.7s
    Affected: 7.5.1
    Affected: 7.5.5a
    Affected: 7.5.5b
    Affected: 7.5.4
    Affected: 7.4.7
    Affected: 7.4.4
    Affected: 7.4.8
    Affected: 7.4.3
    Affected: 7.4.9
    Affected: 7.4.6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:36.868Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-spa-web-multi-7kvPmu2F",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20218",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-17T14:58:32.797326Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-17T14:59:14.948Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "status": "affected",
                  "version": "7.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR3"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR6"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR2"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR1"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR5"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR7"
                },
                {
                  "status": "affected",
                  "version": "7.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.3.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.6(XU)"
                },
                {
                  "status": "affected",
                  "version": "7.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.2a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.2b"
                },
                {
                  "status": "affected",
                  "version": "7.5.6c"
                },
                {
                  "status": "affected",
                  "version": "7.5.6a"
                },
                {
                  "status": "affected",
                  "version": "7.5.7s"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.5.5a"
                },
                {
                  "status": "affected",
                  "version": "7.5.5b"
                },
                {
                  "status": "affected",
                  "version": "7.5.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.7"
                },
                {
                  "status": "affected",
                  "version": "7.4.4"
                },
                {
                  "status": "affected",
                  "version": "7.4.8"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.4.9"
                },
                {
                  "status": "affected",
                  "version": "7.4.6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user\u0027s browser.\r\n\r This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.\r\n\r Cisco will not release software updates that address this vulnerability.  \r\n\r  {{value}} [\"%7b%7bvalue%7d%7d\"])}]]"
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-80",
                  "description": "Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:22.717Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-spa-web-multi-7kvPmu2F",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
            }
          ],
          "source": {
            "advisory": "cisco-sa-spa-web-multi-7kvPmu2F",
            "defects": [
              "CSCwf82071"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20218",
        "datePublished": "2023-08-03T21:20:29.588Z",
        "dateReserved": "2022-10-27T18:47:50.368Z",
        "dateUpdated": "2024-10-17T14:59:14.948Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1923 (GCVE-0-2019-1923)

    Vulnerability from cvelistv5 – Published: 2019-07-17 20:25 – Updated: 2024-11-20 17:15
    VLAI
    Title
    Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability
    Summary
    A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device's physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/109294 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Cisco Cisco SPA525G2 5-line IP Phone Affected: unspecified , < 7.6.2SR5 (custom)
    Create a notification for this product.
    Date Public
    2019-07-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:35:51.261Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190717 Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-spa500-command"
              },
              {
                "name": "109294",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/109294"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1923",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-20T16:53:45.385834Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-20T17:15:15.438Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco SPA525G2 5-line IP Phone",
              "vendor": "Cisco",
              "versions": [
                {
                  "lessThan": "7.6.2SR5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2019-07-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device\u0027s physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-77",
                  "description": "CWE-77",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-07-19T09:06:06.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20190717 Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-spa500-command"
            },
            {
              "name": "109294",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/109294"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190717-spa500-command",
            "defect": [
              [
                "CSCvp40762",
                "CSCvp40765"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-07-17T16:00:00-0700",
              "ID": "CVE-2019-1923",
              "STATE": "PUBLIC",
              "TITLE": "Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco SPA525G2 5-line IP Phone",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "7.6.2SR5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device\u0027s physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.6",
                "vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-77"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190717 Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190717-spa500-command"
                },
                {
                  "name": "109294",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/109294"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190717-spa500-command",
              "defect": [
                [
                  "CSCvp40762",
                  "CSCvp40765"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1923",
        "datePublished": "2019-07-17T20:25:33.670Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-20T17:15:15.438Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-1683 (GCVE-0-2019-1683)

    Vulnerability from cvelistv5 – Published: 2019-02-25 17:00 – Updated: 2024-11-21 19:44
    VLAI
    Title
    Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability
    Summary
    A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    http://www.securityfocus.com/bid/107111 vdb-entryx_refsource_BID
    Date Public
    2019-02-20 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T18:28:42.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
              },
              {
                "name": "107111",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/107111"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-1683",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-21T19:00:23.263210Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-21T19:44:31.986Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Small Business SPA500 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.4.2"
                }
              ]
            },
            {
              "product": "Cisco Small Business SPA112 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.4.2"
                }
              ]
            },
            {
              "product": "Cisco Small Business SPA525 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.2"
                }
              ]
            },
            {
              "product": "Cisco Small Business SPA5X5 Series IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.6.2"
                }
              ]
            }
          ],
          "datePublic": "2019-02-20T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-295",
                  "description": "CWE-295",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-26T10:57:01.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
            },
            {
              "name": "107111",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/107111"
            }
          ],
          "source": {
            "advisory": "cisco-sa-20190220-ipphone-certs",
            "defect": [
              [
                "CSCvm49157",
                "CSCvn17125",
                "CSCvn17128"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2019-02-20T16:00:00-0800",
              "ID": "CVE-2019-1683",
              "STATE": "PUBLIC",
              "TITLE": "Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Small Business SPA500 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.4.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cisco Small Business SPA112 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "1.4.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cisco Small Business SPA525 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.6.2"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "Cisco Small Business SPA5X5 Series IP Phones",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "7.6.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.5",
                "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-295"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20190220 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-ipphone-certs"
                },
                {
                  "name": "107111",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/107111"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-20190220-ipphone-certs",
              "defect": [
                [
                  "CSCvm49157",
                  "CSCvn17125",
                  "CSCvn17128"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2019-1683",
        "datePublished": "2019-02-25T17:00:00.000Z",
        "dateReserved": "2018-12-06T00:00:00.000Z",
        "dateUpdated": "2024-11-21T19:44:31.986Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }