CVE Database · CVE-2012-0333
CVSS v3.1
N/A
EPSS
1.08%
Published
May 2, 2012
Modified
Apr 28, 2026
Public PoC / Exploit
All weaponized →No public PoC or exploit code indexed for this CVE.
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.
Weaknesses (CWE)
Affected Products (12)
References (4)
