7 matches found
CVE-2023-20078
Cisco IP Phones (6800, 7800, 7900, 8800 series) web-based management interface contains multiple vulnerabilities due to insufficient input validation that can allow an unauthenticated attacker to execute arbitrary code (CVE-2023-20078) or cause a DoS (CVE-2023-20079). Cisco cites a command-inject...
CVE-2023-20079
CVE-2023-20079 affects Cisco IP Phones (6800/7800/7900/8800 series) via the web-based management interface. The root cause is insufficient validation of user-supplied input in the web UI, enabling an unauthenticated, remote attacker to trigger a denial-of-service condition (DoS). Public details i...
CVE-2023-20018
CVE-2023-20018 affects Cisco IP Phone 7800 and 8800 Series through the web-based management interface. The issue is an authentication bypass caused by insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to access parts of the web interface that normally re...
CVE-2019-16008
Cisco IP Phone 6800/7800/8800 Series with Multiplatform Firmware expose a cross-site scripting (XSS) vulnerability in the web‑based GUI due to insufficient input validation. An authenticated, remote attacker could entice a user to click a crafted link, allowing arbitrary script execution or acces...
CVE-2022-20968
Affected product/versions: Cisco IP Phone 7800 and 8800 Series firmware (prior to 14.2(1)). Vulnerability: Cisco Discovery Protocol (CDP) processing feature accepts crafted CDP packets due to insufficient input validation, enabling an unauthenticated, adjacent attacker to trigger a stack overflow...
CVE-2022-20774
CVE-2022-20774 affects Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware. The issue is an insufficient CSRF protection in the web-based management interface, enabling an unauthenticated attacker to induce a logged-in user to perform actions via a crafted link. Successful expl...
CVE-2021-34711
CVE-2021-34711 affects Cisco IP Phone software. A vulnerability in the debug shell allows an authenticated, local attacker to read arbitrary files on the device filesystem due to insufficient input validation. The issue is triggered by crafted input to a debug shell command. The impact is read ac...