Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?
Cisco IP Phones Vulnerabilities: Remote Hackers Can Take Over Devices, No Fixes Available
Cisco Small Business SPA300 and SPA500 Series IP Phones are vulnerable to remote command execution and DoS attacks due to unchecked HTTP packets. With CVSS scores of 9.8 and 7.5, these vulnerabilities allow attackers to execute commands or cause device reloads. No fixes or workarounds…
Hot Take:
Who knew that trying to reach customer service on a Cisco IP phone could lead to a hacker reaching the root of your system? Looks like the only busy signal you’ll get is from the DoS attack!
Key Points:
- Multiple vulnerabilities identified in Cisco Small Business SPA300 and SPA500 Series IP Phones.
- Vulnerabilities allow unauthenticated, remote attackers to execute arbitrary commands with root privileges.
- No software updates or workarounds have been released by Cisco yet.
- High Security Impact Rating (SIR) and CVSS Base Score of 9.8 for command execution vulnerabilities.
- High Security Impact Rating (SIR) and CVSS Base Score of 7.5 for DoS vulnerabilities.
Already a member? Log in here