Cisco Small Business SPA500 Series IP Phones HTML injection | CVE-2023-20218

July 20, 2023

NAME
__________
Cisco Small Business SPA500 Series IP Phones HTML injection

Platforms Affected:
Cisco Small Business SPA500 Series IP Phones

Risk Level:
5.8

Exploitability:
Unproven

Consequences:
Gain Access

DESCRIPTION
__________

Cisco Small Business SPA500 Series IP Phones are vulnerable to HTML injection. A remote attacker could inject malicious HTML code in the web-based management interface, which when viewed, would be executed in the victim’s Web browser within the security context of the hosting site to show malicious content and/or redirect users to a malicious URL.

CVSS 3.0 Information
__________

Privileges Required:
None

User Interaction:
None

Scope:
Changed

Access Vector:
Network

A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

 To keep up to date follow us on the below channels.

You may have missed

image

[INCRANSOM] – Ransomware Victim: Alna-Bioscience

November 23, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 52[.]231[.]10[.]139:8080

November 23, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 54[.]224[.]145[.]120:443

November 23, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 118[.]193[.]37[.]157:8889

November 23, 2024
Cobalt Strike

Cobalt Strike Beacon Detected – 103[.]225[.]196[.]197:80

November 23, 2024