Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability
Vulnerability Description
A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.
CVSS Information
N/A
Vulnerability Type
证书验证不恰当
Vulnerability Title
Cisco SPA112、SPA525和SPA5X5 Series 信任管理问题漏洞
Vulnerability Description
Cisco SPA112 Series等都是美国思科(Cisco)公司的产品。Cisco SPA112 Series是一款SPA112系列IP电话。SPA525 Series是一款SPA525系列IP电话。SPA5X5 Series是一款SPA5X5系列IP电话。 Cisco SPA112、SPA525和SPA5X5 Series中的证书处理组件存在信任管理问题漏洞,该漏洞源于程序没有正确验证服务器证书。远程攻击者可通过构建恶意的服务器证书利用该漏洞监听或控制部分被安全传输层协议(TLS)加密的会话初始协
CVSS Information
N/A
Vulnerability Type
N/A