CVE-2011-2545

Name: CVE-2011-2545
Creator: NVD / NIST
Published: 2012-06-13T20:55:01.707+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.94%

Last modified Jun 16, 2026

CVE-2011-2545 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.. EPSS estimates a 0.94% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.

Metrics

EPSS Probability

0.94%

56.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions
Cisco	Spa8000 8-Port Ip Telephony Gateway Firmware	<= 6.1.10
Cisco	Spa8000 8-Port Ip Telephony Gateway Firmware	5.1.12
Cisco	Spa8000 8-Port Ip Telephony Gateway Firmware	6.1.3
Cisco	Spa8000 8-Port Ip Telephony Gateway	All versions
Cisco	Spa8800 8-Port Ip Telephony Gateway Firmware	<= 6.1.7
Cisco	Spa8800 Ip Telephony Gateway	All versions
Cisco	Spa2102 Phone Adapter With Router Firmware	<= 5.2.12
Cisco	Spa2102 Phone Adapter With Router Firmware	5.2.3
Cisco	Spa2102 Phone Adapter With Router Firmware	5.2.5
Cisco	Spa2102 Phone Adapter With Router Firmware	5.2.10
Cisco	Spa2102 Phone Adapter With Router	All versions
Cisco	Spa3102 Voice Gateway With Router Firmware	<= 5.1.10
Cisco	Spa3102 Voice Gateway With Router Firmware	3.3.6
Cisco	Spa3102 Voice Gateway With Router Firmware	5.1.7
Cisco	Spa3102 Voice Gateway With Router	All versions
Cisco	Spa 500 Series Ip Phone Firmware	<= 7.4.8
Cisco	Spa 500 Series Ip Phone Firmware	7.3.7
Cisco	Spa 500 Series Ip Phone Firmware	7.4.3
Cisco	Spa 500 Series Ip Phone Firmware	7.4.4
Cisco	Spa 500 Series Ip Phone Firmware	7.4.6
Cisco	Spa 500 Series Ip Phone Firmware	7.4.7
Cisco	Spa 501g 8-Line Ip Phone	All versions
Cisco	Spa 502g 1-Line Ip Phone	All versions
Cisco	Spa 504g 4-Line Ip Phone	All versions
Cisco	Spa 508g 8-Line Ip Phone	All versions
Cisco	Spa 509g 12-Line Ip Phone	All versions
Cisco	Spa 512g 1-Line Ip Phone	All versions
Cisco	Spa 514g 4-Line Ip Phone	All versions
Cisco	Spa 525g 5-Line Ip Phone	All versions
Cisco	Spa 525g2 5-Line Ip Phone	All versions

References

http://tools.cisco.com/security/center/viewAlert.x?alertId=26037Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=26037Vendor Advisory

Timeline

Published: Jun 13, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-2545?

How severe is CVE-2011-2545?

Severity scoring for CVE-2011-2545 is pending analysis. The EPSS model estimates a 0.94% probability of exploitation in the next 30 days.

How do I fix CVE-2011-2545?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-2545?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST