Vulnerabilities > CVE-2016-1469 - Resource Management Errors vulnerability in Cisco Spa300 Firmware and Spa500 Firmware

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cisco

CWE-399

NVD

Published: 2016-09-12

Updated: 2023-06-27

Summary

The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385.

Vulnerable Configurations

Part	Description	Count
OS	Cisco Cisco Spa300 Firmware 7.5.5 Cisco Spa300 Firmware 7.5.7 Cisco Spa500 Firmware 1.4.2 Cisco Spa500 Firmware 7.5.5 Cisco Spa500 Firmware 7.5.7	5
Hardware	Cisco Cisco Spa300 Series IP Phone - Cisco Spa500 Series IP Phone -	2

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-spa
http://www.securityfocus.com/bid/92706
http://www.securitytracker.com/id/1036717