5 matches found
CVE-2023-20078
Cisco IP Phones (6800, 7800, 7900, 8800 series) web-based management interface contains multiple vulnerabilities due to insufficient input validation that can allow an unauthenticated attacker to execute arbitrary code (CVE-2023-20078) or cause a DoS (CVE-2023-20079). Cisco cites a command-inject...
CVE-2023-20079
CVE-2023-20079 affects Cisco IP Phones (6800/7800/7900/8800 series) via the web-based management interface. The root cause is insufficient validation of user-supplied input in the web UI, enabling an unauthenticated, remote attacker to trigger a denial-of-service condition (DoS). Public details i...
CVE-2019-16008
Cisco IP Phone 6800/7800/8800 Series with Multiplatform Firmware expose a cross-site scripting (XSS) vulnerability in the web‑based GUI due to insufficient input validation. An authenticated, remote attacker could entice a user to click a crafted link, allowing arbitrary script execution or acces...
CVE-2020-3111
CVE-2020-3111 is a Cisco CDP vulnerability in Cisco IP Phones that allows an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload (DoS) by sending crafted CDP packets. Root cause: missing checks when processing CDP messages in the Layer 2 CDP implemen...
CVE-2022-20774
CVE-2022-20774 affects Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware. The issue is an insufficient CSRF protection in the web-based management interface, enabling an unauthenticated attacker to induce a logged-in user to perform actions via a crafted link. Successful expl...