Lucene search
K
CiscoIp Phone 6861 Firmware

10 matches found

CVE
CVE
added 2021/05/11 12:0 a.m.664 views

CVE-2020-24587

CVE-2020-24587 is referenced in the Amazon Linux 2 kernel advisory for Kernel-5.10-2022-002. The connected document confirms a flaw in the Linux kernel 802.11 wifi fragmentation handling where fragments encrypted under different keys can be reassembled and decrypted, enabling an attacker within w...

2.6CVSS6.2AI score0.02592EPSS
In wild
CVE
CVE
added 2021/05/11 12:0 a.m.621 views

CVE-2020-24588

The CVE-2020-24588 entry relates to the 802.11 Wi‑Fi fragmentation/ A‑MSDU handling issue where the plaintext QoS header flag isn’t authenticated, enabling an attacker to inject packets by sending non‑SSP A‑MSDU frames (FragAttacks). Connected Astra Linux advisories describe this as a variant of ...

3.5CVSS6.4AI score0.03537EPSS
CVE
CVE
added 2021/05/11 7:42 p.m.505 views

CVE-2020-26141

CVE-2020-26141 affects the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi‑Fi stack does not verify the Message Integrity Check for fragmented TKIP frames, allowing an adjacent attacker to inject and potentially decrypt packets in WPA/WPA2 TKIP networks. The provided connected documents d...

6.5CVSS7.2AI score0.03072EPSS
CVE
CVE
added 2021/05/11 7:37 p.m.395 views

CVE-2020-26139

CVE-2020-26139 affects NetBSD 7.1 kernel as described in connected documents. An Access Point forwards EAPOL frames to other clients before the sender has successfully authenticated, which may enable denial-of-service attacks against connected clients in Wi‑Fi networks and could facilitate exploi...

5.3CVSS6.5AI score0.06487EPSS
CVE
CVE
added 2021/05/11 7:34 p.m.335 views

CVE-2020-26140

The CVE-2020-26140 entry is covered in ARISTA Security Advisory 0063, which groups it under the FragAttacks fragmentation/aggregation vulnerabilities. The advisory states that plaintext data frames are accepted on encrypted networks, enabling packet injection. Fixes are provided as platform-speci...

6.5CVSS6.7AI score0.02923EPSS
CVE
CVE
added 2023/03/03 12:0 a.m.226 views

CVE-2023-20078

Cisco IP Phones (6800, 7800, 7900, 8800 series) web-based management interface contains multiple vulnerabilities due to insufficient input validation that can allow an unauthenticated attacker to execute arbitrary code (CVE-2023-20078) or cause a DoS (CVE-2023-20079). Cisco cites a command-inject...

9.8CVSS9.9AI score0.10351EPSS
CVE
CVE
added 2023/03/03 12:0 a.m.169 views

CVE-2023-20079

CVE-2023-20079 affects Cisco IP Phones (6800/7800/7900/8800 series) via the web-based management interface. The root cause is insufficient validation of user-supplied input in the web UI, enabling an unauthenticated, remote attacker to trigger a denial-of-service condition (DoS). Public details i...

9.8CVSS9.2AI score0.10314EPSS
CVE
CVE
added 2020/01/26 4:45 a.m.145 views

CVE-2019-16008

Cisco IP Phone 6800/7800/8800 Series with Multiplatform Firmware expose a cross-site scripting (XSS) vulnerability in the web‑based GUI due to insufficient input validation. An authenticated, remote attacker could entice a user to click a crafted link, allowing arbitrary script execution or acces...

5.4CVSS5.2AI score0.00633EPSS
CVE
CVE
added 2020/02/05 5:40 p.m.120 views

CVE-2020-3111

CVE-2020-3111 is a Cisco CDP vulnerability in Cisco IP Phones that allows an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload (DoS) by sending crafted CDP packets. Root cause: missing checks when processing CDP messages in the Layer 2 CDP implemen...

8.8CVSS8.6AI score0.03095EPSS
CVE
CVE
added 2022/04/06 6:12 p.m.96 views

CVE-2022-20774

CVE-2022-20774 affects Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware. The issue is an insufficient CSRF protection in the web-based management interface, enabling an unauthenticated attacker to induce a logged-in user to perform actions via a crafted link. Successful expl...

8.1CVSS7.4AI score0.00383EPSS