4 matches found
CVE-2024-20357
Cisco CVE-2024-20357 affects multiple Cisco IP Phone series (6800/7800/8800, and related firmware) where XML request parsing lacks proper bounds checking. An unauthenticated, remote attacker could craft XML to trigger calls or play sounds on the device. Root cause is improper bounds-checking duri...
CVE-2024-20376
CVE-2024-20376 affects Cisco IP Phone firmware via the web-based management interface. The issue arises from insufficient validation of user-supplied input, allowing an unauthenticated, remote attacker to trigger a reload on an affected device and cause a DoS. The vulnerability is tied to the web...
CVE-2024-20533
Cisco CVE-2024-20533 affects the web UI of Cisco Desk Phone 9800 Series, IP Phones 6800/7800/8800, and Video Phone 8875 with Multiplatform Firmware. The issue is stored XSS arising from improper validation of user input in the web UI, allowing an authenticated remote attacker to inject script via...
CVE-2024-20534
CVE-2024-20534 affects Cisco Desk Phone 9800 Series, Cisco IP Phone 6800/7800/8800 Series, and Cisco Video Phone 8875 with Multiplatform Firmware. The issue is stored cross-site scripting (XSS) in the device web UI caused by improper validation of user-supplied input. An authenticated, remote att...