Ip Phone 6861 Firmware Security Vulnerabilities and Issues — Ip Phone 6861 Firmware CVE List

Lucene search

CiscoIp Phone 6861 Firmware

10 matches found

CVE•added 2021/05/11 8:15 p.m.•578 views

CVE-2020-24587

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames an...

2.6CVSS6.2AI score0.00344EPSS

In wild

CVE•added 2021/05/11 8:15 p.m.•545 views

CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802...

3.5CVSS6.4AI score0.00344EPSS

CVE•added 2021/05/11 8:15 p.m.•445 views

CVE-2020-26141

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the ...

6.5CVSS7.2AI score0.00321EPSS

CVE•added 2021/05/11 8:15 p.m.•333 views

CVE-2020-26139

An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...

5.3CVSS6.5AI score0.00639EPSS

CVE•added 2021/05/11 8:15 p.m.•299 views

CVE-2020-26140

An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration.

6.5CVSS6.7AI score0.00427EPSS

CVE•added 2023/03/03 4:15 p.m.•191 views

CVE-2023-20078

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisor...

9.8CVSS9.9AI score0.10825EPSS

CVE•added 2023/03/03 4:15 p.m.•141 views

CVE-2023-20079

9.8CVSS9.2AI score0.08614EPSS

CVE•added 2020/01/26 5:15 a.m.•127 views

CVE-2019-16008

A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to in...

5.4CVSS5.2AI score0.00287EPSS

CVE•added 2020/02/05 6:15 p.m.•105 views

CVE-2020-3111

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery...

8.8CVSS8.6AI score0.00234EPSS

CVE•added 2022/04/06 7:15 p.m.•80 views

CVE-2022-20774

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This...

8.1CVSS7.4AI score0.00252EPSS