7 matches found
CVE-2021-1379
CVE-2021-1379 affects Cisco IP Phone Series 68xx/78xx/88xx via Cisco Discovery Protocol and LLDP processing. Root cause: missing checks when handling Cisco Discovery Protocol or LLDP packets, allowing an unauthenticated, adjacent attacker (Layer 2) to execute code remotely or cause a reload, resu...
CVE-2024-20357
Cisco CVE-2024-20357 affects multiple Cisco IP Phone series (6800/7800/8800, and related firmware) where XML request parsing lacks proper bounds checking. An unauthenticated, remote attacker could craft XML to trigger calls or play sounds on the device. Root cause is improper bounds-checking duri...
CVE-2024-20376
CVE-2024-20376 affects Cisco IP Phone firmware via the web-based management interface. The issue arises from insufficient validation of user-supplied input, allowing an unauthenticated, remote attacker to trigger a reload on an affected device and cause a DoS. The vulnerability is tied to the web...
CVE-2023-20221
Cisco IP Phone 6800/7800/8800 Series with Multiplatform Firmware are affected by CVE-2023-20221, a CSRF flaw in the web-based management interface. The issue arises from insufficient CSRF protections, enabling an unauthenticated, remote attacker to lure an authenticated user to follow a crafted l...
CVE-2024-20378
Cisco IP Phone firmware vulnerabilities stem from lack of authentication on the web-based management interface. Affected products include Cisco IP Phone 6800, 7800, and 8800 series (and Cisco Video Phone 8875) with multiplatform firmware. An unauthenticated, remote attacker could access specific ...
CVE-2024-20533
Cisco CVE-2024-20533 affects the web UI of Cisco Desk Phone 9800 Series, IP Phones 6800/7800/8800, and Video Phone 8875 with Multiplatform Firmware. The issue is stored XSS arising from improper validation of user input in the web UI, allowing an authenticated remote attacker to inject script via...
CVE-2024-20534
CVE-2024-20534 affects Cisco Desk Phone 9800 Series, Cisco IP Phone 6800/7800/8800 Series, and Cisco Video Phone 8875 with Multiplatform Firmware. The issue is stored cross-site scripting (XSS) in the device web UI caused by improper validation of user-supplied input. An authenticated, remote att...