12 matches found
CVE-2020-26141
CVE-2020-26141 affects the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi‑Fi stack does not verify the Message Integrity Check for fragmented TKIP frames, allowing an adjacent attacker to inject and potentially decrypt packets in WPA/WPA2 TKIP networks. The provided connected documents d...
CVE-2019-1922
Cisco IP Phone 7800/8800 Series SIP handling is affected by a vulnerability in Cisco SIP IP Phone Software due to insufficient validation of SIP packets. An unauthenticated remote attacker can craft SIP replies during registration to trigger a DoS, causing the phone to reboot and fail registratio...
CVE-2020-3111
CVE-2020-3111 is a Cisco CDP vulnerability in Cisco IP Phones that allows an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload (DoS) by sending crafted CDP packets. Root cause: missing checks when processing CDP messages in the Layer 2 CDP implemen...
CVE-2021-1379
CVE-2021-1379 affects Cisco IP Phone Series 68xx/78xx/88xx via Cisco Discovery Protocol and LLDP processing. Root cause: missing checks when handling Cisco Discovery Protocol or LLDP packets, allowing an unauthenticated, adjacent attacker (Layer 2) to execute code remotely or cause a reload, resu...
CVE-2022-20660
CVE-2022-20660 affects Cisco IP Phones where confidential data is stored unencrypted on flash memory. An unauthenticated, physical attacker could extract memory to obtain confidential information. Cisco has released software updates addressing this vulnerability; the Tenable/Cisco advisories conf...
CVE-2019-1763
Summary: CVE-2019-1763 is a Cisco IP Phone 8800 Series authorization bypass vulnerability in the SIP web-based management interface, caused by improper URL sanitization. An unauthenticated, remote attacker could bypass authorization, access critical services, and cause a DoS. Affected are IP Phon...
CVE-2021-34711
CVE-2021-34711 affects Cisco IP Phone software. A vulnerability in the debug shell allows an authenticated, local attacker to read arbitrary files on the device filesystem due to insufficient input validation. The issue is triggered by crafted input to a debug shell command. The impact is read ac...
CVE-2019-1635
CVE-2019-1635 affects Cisco IP Phone 7800 and 8800 Series SIP software. The issue is due to incomplete error handling when parsing XML data in SIP packets, allowing an unauthenticated, remote attacker to cause the phone to reload and experience a temporary DoS. The vulnerability applies to the ca...
CVE-2019-1765
CVE-2019-1765 affects Cisco IP Phone 8800 Series SIP Software. The web-based management interface vulnerability arises from insufficient input validation and file-level permissions, allowing an authenticated, remote attacker to upload invalid files and write files to arbitrary locations on the de...
CVE-2024-20445
CVE-2024-20445 affects Cisco Desk Phone 9800 Series, Cisco IP Phone 7800/8800 Series, and Cisco Video Phone 8875. The issue is improper storage of sensitive information in the web UI for SIP-based phone loads, allowing an unauthenticated, remote attacker to access sensitive data (including call r...
CVE-2019-1764
CVE-2019-1764 affects Cisco IP Phone 8800 Series SIP Software with insufficient CSRF protections in the web-based management interface. An unauthenticated attacker can induce an authenticated user to follow a crafted link, enabling arbitrary actions on the device via a browser with the user’s pri...
CVE-2019-1684
CVE-2019-1684 affects Cisco IP Phone 7800 and 8800 Series. The issue arises from missing length validation in the Cisco Discovery Protocol (CDP) / Link Layer Discovery Protocol (LLDP) header fields, allowing an unauthenticated, adjacent attacker to cause an affected phone to reload and experience...