CVE-2014-3312

Summary

CVE	CVE-2014-3312
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2014-07-09 11:07:00 UTC
Updated	2017-08-29 01:34:00 UTC
Description	The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.

Risk And Classification

Problem Types: CWE-287

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Cisco	Spa901 1-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa901 1-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa922 1-line Ip Phone With 1-port Ethernet	All	All	All	All
Hardware	Cisco	Spa922 1-line Ip Phone With 1-port Ethernet	All	All	All	All
Hardware	Cisco	Spa941 4-line Ip Phone With 1-port Ethernet	All	All	All	All
Hardware	Cisco	Spa941 4-line Ip Phone With 1-port Ethernet	All	All	All	All
Hardware	Cisco	Spa942 4-line Ip Phone With 2-port Switch	All	All	All	All
Hardware	Cisco	Spa942 4-line Ip Phone With 2-port Switch	All	All	All	All
Hardware	Cisco	Spa962 6-line Ip Phone With 2-port Switch	All	All	All	All
Hardware	Cisco	Spa962 6-line Ip Phone With 2-port Switch	All	All	All	All
Hardware	Cisco	Spa 301 1 Line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 301 1 Line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 303 3 Line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 303 3 Line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 501g 8-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 501g 8-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 502g 1-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 502g 1-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 504g 4-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 504g 4-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 508g 8-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 508g 8-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 509g 12-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 509g 12-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 512g 1-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 512g 1-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 514g 4-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 514g 4-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 525g2 5-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 525g2 5-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 525g 5-line Ip Phone	All	All	All	All
Hardware	Cisco	Spa 525g 5-line Ip Phone	All	All	All	All

References

Reference	Source	Link	Tags
Cisco Small Business SPA300 and SPA500 Series IP Phones Local Code Execution Vulnerability	BID	www.securityfocus.com
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
20140708 Cisco Small Businsess SPA300 and SPA500 Series IP Phones Local Code Execution Vulnerability	CISCO	tools.cisco.com	Vendor Advisory
Cisco Small Business SPA300/SPA500 IP Phones Authentication Flaw Lets Local Users Gain Elevated Privileges - SecurityTracker	SECTRACK	www.securitytracker.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.