8 matches found
CVE-2019-1922
Cisco IP Phone 7800/8800 Series SIP handling is affected by a vulnerability in Cisco SIP IP Phone Software due to insufficient validation of SIP packets. An unauthenticated remote attacker can craft SIP replies during registration to trigger a DoS, causing the phone to reboot and fail registratio...
CVE-2020-3111
CVE-2020-3111 is a Cisco CDP vulnerability in Cisco IP Phones that allows an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload (DoS) by sending crafted CDP packets. Root cause: missing checks when processing CDP messages in the Layer 2 CDP implemen...
CVE-2021-1379
CVE-2021-1379 affects Cisco IP Phone Series 68xx/78xx/88xx via Cisco Discovery Protocol and LLDP processing. Root cause: missing checks when handling Cisco Discovery Protocol or LLDP packets, allowing an unauthenticated, adjacent attacker (Layer 2) to execute code remotely or cause a reload, resu...
CVE-2022-20660
CVE-2022-20660 affects Cisco IP Phones where confidential data is stored unencrypted on flash memory. An unauthenticated, physical attacker could extract memory to obtain confidential information. Cisco has released software updates addressing this vulnerability; the Tenable/Cisco advisories conf...
CVE-2021-34711
CVE-2021-34711 affects Cisco IP Phone software. A vulnerability in the debug shell allows an authenticated, local attacker to read arbitrary files on the device filesystem due to insufficient input validation. The issue is triggered by crafted input to a debug shell command. The impact is read ac...
CVE-2019-1635
CVE-2019-1635 affects Cisco IP Phone 7800 and 8800 Series SIP software. The issue is due to incomplete error handling when parsing XML data in SIP packets, allowing an unauthenticated, remote attacker to cause the phone to reload and experience a temporary DoS. The vulnerability applies to the ca...
CVE-2024-20445
CVE-2024-20445 affects Cisco Desk Phone 9800 Series, Cisco IP Phone 7800/8800 Series, and Cisco Video Phone 8875. The issue is improper storage of sensitive information in the web UI for SIP-based phone loads, allowing an unauthenticated, remote attacker to access sensitive data (including call r...
CVE-2019-1684
CVE-2019-1684 affects Cisco IP Phone 7800 and 8800 Series. The issue arises from missing length validation in the Cisco Discovery Protocol (CDP) / Link Layer Discovery Protocol (LLDP) header fields, allowing an unauthenticated, adjacent attacker to cause an affected phone to reload and experience...