Many of the attacks are possible due to the heavy feature set the devices contain and poor-quality design, implementation and testing.
CREEPS rejoice: Small biz Cisco phones open to eavesdrop 0-day
Creeps can listen in to conversations placed over vulnerable Cisco small business phones. Remote eavesdropping requires a crafted XML request be sent to the Borg's SPA 300 and 500 IP phones. Cisco warns version 7.5.5 of the software powering the phones is vulnerable, possibly along with more recent iterations. "An …