9 matches found
CVE-2023-20018
CVE-2023-20018 affects Cisco IP Phone 7800 and 8800 Series through the web-based management interface. The issue is an authentication bypass caused by insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to access parts of the web interface that normally re...
CVE-2019-1716
CVE-2019-1716 affects Cisco IP Phone 7800 Series and 8800 Series via the web-based SIP management interface. An unauthenticated attacker can leverage improper input validation during user authentication over HTTP to trigger a device reload (DoS) or execute arbitrary code with the app user’s privi...
CVE-2019-1766
CVE-2019-1766 affects Cisco IP Phone 8800 Series SIP Software prior to 12.5(1)SR1. The issue is a denial-of-service via file uploads: the web-based management interface does not restrict the maximum size of certain files written to disk, allowing an unauthenticated attacker with valid admin crede...
CVE-2019-1763
Summary: CVE-2019-1763 is a Cisco IP Phone 8800 Series authorization bypass vulnerability in the SIP web-based management interface, caused by improper URL sanitization. An unauthenticated, remote attacker could bypass authorization, access critical services, and cause a DoS. Affected are IP Phon...
CVE-2019-1765
CVE-2019-1765 affects Cisco IP Phone 8800 Series SIP Software. The web-based management interface vulnerability arises from insufficient input validation and file-level permissions, allowing an authenticated, remote attacker to upload invalid files and write files to arbitrary locations on the de...
CVE-2021-33478
The CVE-2021-33478 issue concerns the TrustZone implementation in Broadcom MediaxChange firmware, affecting Cisco IP Phone and Wireless IP Phone devices. The vulnerability allows an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone TEE, with explo...
CVE-2019-1764
CVE-2019-1764 affects Cisco IP Phone 8800 Series SIP Software with insufficient CSRF protections in the web-based management interface. An unauthenticated attacker can induce an authenticated user to follow a crafted link, enabling arbitrary actions on the device via a browser with the user’s pri...
CVE-2018-0325
CVE-2018-0325 affects Cisco IP Phone 7800/8800 series (and 8821) via vulnerable SIP call handling. The SDP parser’s incomplete input validation enables an unauthenticated remote attacker to drop all active calls and restart the SIP process, causing a DoS. Root cause: SDP parameter validation flaw...
CVE-2019-1684
CVE-2019-1684 affects Cisco IP Phone 7800 and 8800 Series. The issue arises from missing length validation in the Cisco Discovery Protocol (CDP) / Link Layer Discovery Protocol (LLDP) header fields, allowing an unauthenticated, adjacent attacker to cause an affected phone to reload and experience...