CVE-2014-3312
medium
CVSS v3: —
CVSS v2: 6.9
VIR risk: 6.9
Description
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@cisco.com — http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3312
References
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3312
- http://www.securityfocus.com/bid/68465
- http://www.securitytracker.com/id/1030552
- https://exchange.xforce.ibmcloud.com/vulnerabilities/94421
CWEs
CWE-287