Lucene search

[email protected]CVE-2011-2545

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-2545

2022-10-0316:15:16

CWE-79

[email protected]

web.nvd.nist.gov

cve-2011-2545

xss

cisco

sip

spa8000

spa8800

spa2102

spa3102

spa 500 ip phones

vulnerability

remote attackers

web script

html

invite message

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.3%

JSON

Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.

Affected configurations

NVD

Node

ciscospa8000_8-port_ip_telephony_gateway_firmwareRange≤6.1.10

ciscospa8000_8-port_ip_telephony_gateway_firmwareMatch5.1.12

ciscospa8000_8-port_ip_telephony_gateway_firmwareMatch6.1.3

AND

ciscospa8000_8-port_ip_telephony_gatewayMatch-

Node

ciscospa8800_8-port_ip_telephony_gateway_firmwareRange≤6.1.7

AND

ciscospa8800_ip_telephony_gatewayMatch-

Node

ciscospa2102_phone_adapter_with_router_firmwareRange≤5.2.12

ciscospa2102_phone_adapter_with_router_firmwareMatch5.2.3

ciscospa2102_phone_adapter_with_router_firmwareMatch5.2.5

ciscospa2102_phone_adapter_with_router_firmwareMatch5.2.10

AND

ciscospa2102_phone_adapter_with_routerMatch-

Node

ciscospa3102_voice_gateway_with_router_firmwareRange≤5.1.10

ciscospa3102_voice_gateway_with_router_firmwareMatch3.3.6

ciscospa3102_voice_gateway_with_router_firmwareMatch5.1.7

AND

ciscospa3102_voice_gateway_with_routerMatch-

Node

ciscospa_500_series_ip_phone_firmwareRange≤7.4.8

ciscospa_500_series_ip_phone_firmwareMatch7.3.7

ciscospa_500_series_ip_phone_firmwareMatch7.4.3

ciscospa_500_series_ip_phone_firmwareMatch7.4.4

ciscospa_500_series_ip_phone_firmwareMatch7.4.6

ciscospa_500_series_ip_phone_firmwareMatch7.4.7

AND

ciscospa_501g_8-line_ip_phone

ciscospa_502g_1-line_ip_phone

ciscospa_504g_4-line_ip_phone

ciscospa_508g_8-line_ip_phone

ciscospa_509g_12-line_ip_phone

ciscospa_512g_1-line_ip_phone

ciscospa_514g_4-line_ip_phone

ciscospa_525g_5-line_ip_phone

ciscospa_525g2_5-line_ip_phone

CPENameOperatorVersion
cisco:spa8000_8-port_ip_telephony_gateway_firmwarecisco spa8000 8-port ip telephony gateway firmwarele6.1.10
cisco:spa8000_8-port_ip_telephony_gateway_firmwarecisco spa8000 8-port ip telephony gateway firmwareeq5.1.12
cisco:spa8000_8-port_ip_telephony_gateway_firmwarecisco spa8000 8-port ip telephony gateway firmwareeq6.1.3
cisco:spa8000_8-port_ip_telephony_gatewaycisco spa8000 8-port ip telephony gatewayeq-

CPE	Name	Operator	Version
cisco:spa8000_8-port_ip_telephony_gateway_firmware	cisco spa8000 8-port ip telephony gateway firmware	le	6.1.10
cisco:spa8000_8-port_ip_telephony_gateway_firmware	cisco spa8000 8-port ip telephony gateway firmware	eq	5.1.12
cisco:spa8000_8-port_ip_telephony_gateway_firmware	cisco spa8000 8-port ip telephony gateway firmware	eq	6.1.3
cisco:spa8000_8-port_ip_telephony_gateway	cisco spa8000 8-port ip telephony gateway	eq	-