Unknown
CVE-2011-2545
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Unknown
(0 users assessed)
Unknown
(0 users assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- spa 500 series ip phone firmware,
- spa 500 series ip phone firmware 7.3.7,
- spa 500 series ip phone firmware 7.4.3,
- spa 500 series ip phone firmware 7.4.4,
- spa 500 series ip phone firmware 7.4.6,
- spa 500 series ip phone firmware 7.4.7,
- spa 501g 8-line ip phone,
- spa 502g 1-line ip phone,
- spa 504g 4-line ip phone,
- spa 508g 8-line ip phone,
- spa 509g 12-line ip phone,
- spa 512g 1-line ip phone,
- spa 514g 4-line ip phone,
- spa 525g 5-line ip phone,
- spa 525g2 5-line ip phone,
- spa2102 phone adapter with router -,
- spa2102 phone adapter with router firmware,
- spa2102 phone adapter with router firmware 5.2.10,
- spa2102 phone adapter with router firmware 5.2.3,
- spa2102 phone adapter with router firmware 5.2.5,
- spa3102 voice gateway with router -,
- spa3102 voice gateway with router firmware,
- spa3102 voice gateway with router firmware 3.3.6,
- spa3102 voice gateway with router firmware 5.1.7,
- spa8000 8-port ip telephony gateway -,
- spa8000 8-port ip telephony gateway firmware,
- spa8000 8-port ip telephony gateway firmware 5.1.12,
- spa8000 8-port ip telephony gateway firmware 6.1.3,
- spa8800 8-port ip telephony gateway firmware,
- spa8800 ip telephony gateway -
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
