mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
307 lines
11 KiB
JSON
307 lines
11 KiB
JSON
{
|
|
"id": "CVE-2011-2545",
|
|
"sourceIdentifier": "ykramarz@cisco.com",
|
|
"published": "2012-06-13T20:55:01.707",
|
|
"lastModified": "2012-06-14T04:00:00.000",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la implementaci\u00f3n de SIP de Cisco SPA8000 y SPA8800 anteriores a 6.1.11, SPA2102 y SPA3102 anteriores a 5.2.13, y SPA 500 series IP phones anteriores a 7.4.9. Permite a atacantes remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s del campo FROM de un mensaje INVITE. Tambi\u00e9n conocido como Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, y CSCtr14715."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "6.1.10",
|
|
"matchCriteriaId": "9409D324-CFAA-4BB3-A1AA-387DB998509F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:5.1.12:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "85E358B8-7691-4CB1-923D-FA67BE69DA16"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa8000_8-port_ip_telephony_gateway_firmware:6.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "210E6034-8E01-41E1-8315-C0E4A8C42A64"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:cisco:spa8000_8-port_ip_telephony_gateway:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "36A8B70B-0D25-4C61-B4B5-13B5512C0E4B"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa8800_8-port_ip_telephony_gateway_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "6.1.7",
|
|
"matchCriteriaId": "688A5A3A-75A0-4DFF-A8D5-FA6B0F28D893"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:cisco:spa8800_ip_telephony_gateway:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B18E4FE1-12E7-47E9-95C7-FA6087C1768E"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "5.2.12",
|
|
"matchCriteriaId": "376C0CD0-D3E1-47B6-9F67-85856837C240"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "87B034F5-3374-49EF-906E-F3387DF82EC2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B5881909-4E84-4056-B4F5-67A8E06BCE71"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa2102_phone_adapter_with_router_firmware:5.2.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DB7A83C6-FF68-44FA-B780-1D379A236E4A"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:cisco:spa2102_phone_adapter_with_router:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4677C763-6F98-4325-89E1-51E58CB4A5D8"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "5.1.10",
|
|
"matchCriteriaId": "26BBA32F-CECB-4130-94E8-E5DF55350C73"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:3.3.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D3DBFBE5-9378-421B-BD19-D7483E319F9B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa3102_voice_gateway_with_router_firmware:5.1.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7113D1E3-81CF-4803-9C49-46DC226652B8"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:cisco:spa3102_voice_gateway_with_router:-:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AFA43283-2E65-46B1-9C38-3DA53FE4383E"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "AND",
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "7.4.8",
|
|
"matchCriteriaId": "CA07E92F-F3DA-46AC-9873-57D295228DAF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.3.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "5093082F-6C22-414B-922C-965BBD72CD17"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8757A9BF-0600-4FAA-9572-0ABC313B8985"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "492EC486-734A-441B-9D60-DD32C9C00743"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "51CD58AE-270D-4D3E-8E16-99F4A20A8332"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:o:cisco:spa_500_series_ip_phone_firmware:7.4.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "8E95C5A9-116E-47CC-9F1D-ABF6E8A49B4D"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:cisco:spa_501g_8-line_ip_phone:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "527E6A1C-A9AE-4AF3-8507-AC2A03924E7E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:cisco:spa_502g_1-line_ip_phone:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CD470FF7-2536-4438-8ABD-96CB2C3E75E5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:cisco:spa_504g_4-line_ip_phone:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "84F14F35-FB94-4EC7-B50C-2CA6DD03A703"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:cisco:spa_508g_8-line_ip_phone:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7FA06FAB-9D59-40AD-8888-767D48B2DBCF"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:cisco:spa_509g_12-line_ip_phone:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "3F797658-737B-445F-AF43-E591231F1A64"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:cisco:spa_512g_1-line_ip_phone:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "71D77638-F36D-4FE7-871F-DB985DD82130"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:cisco:spa_514g_4-line_ip_phone:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A68F5658-F1EE-4AA5-A7E5-4FEAA73C0DA0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:cisco:spa_525g_5-line_ip_phone:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "CEDD2219-75C0-4E70-9A32-761CAB513C4F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:h:cisco:spa_525g2_5-line_ip_phone:*:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6CC94EC7-F454-4FAD-9E40-474A4D416F60"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=26037",
|
|
"source": "ykramarz@cisco.com",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |