Vulnerabilities > Cisco > Spa514G Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-03 | CVE-2023-20181 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. | 6.1 |
| 2023-08-03 | CVE-2023-20218 | Cross-site Scripting vulnerability in Cisco products A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. | 6.1 |
| 2019-07-17 | CVE-2019-1923 | Improper Input Validation vulnerability in Cisco products A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. | 6.6 |
| 2019-03-13 | CVE-2018-0389 | Unspecified vulnerability in Cisco Spa514G Firmware A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. | 7.5 |
| 2019-02-25 | CVE-2019-1683 | Improper Certificate Validation vulnerability in Cisco products A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. | 7.4 |