CVE-2014-3312 Information

Description

The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication which allows local users to execute arbitrary debug-shell commands or read or modify data in memory or a filesystem via direct access to this interface aka Bug ID CSCun77435.

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3312 http://www.securityfocus.com/bid/68465 http://www.securitytracker.com/id/1030552 https://exchange.xforce.ibmcloud.com/vulnerabilities/94421