Chris Watts - Tech Analysis Finds Vulnerability in Cisco Small Business SPA300 and SPA500 Series IP Phones Local - Code Execution Vulnerability CVE-2014-3312.

The following Critical Vulnerability was found by Chris Watts of Tech Analysis.Congratulations to Chris for continued efforts in making communications a bit safer.


Cisco Small Business SPA300 and SPA500 Series IP Phones Local Code Execution Vulnerability
Critical Vulnerability ID's: 1) AusCert Alert Number: ESB- 2014.1151 2) NVD ID: CVE-2014-3312 3) Cisco: CSCun77435


Summary

The SPA firmware (version 7.5.5 and prior) has an arbitrary code execution vulnerability that allows a user to execute code or modify the arbitrary memory with elevated privileges.

The following products are affected: As per title the SPA 300 and SPA 500 Series of phones.