11 matches found
CVE-2015-6360
CVE-2015-6360 affects libsrtp/libSRTP, with several advisories noting that the encryption-processing feature allows remote DoS via crafted SRTP packets. The root cause in the reports is improper handling of CSRC count and extension header length in RTP headers, leading to vulnerable RTP processin...
CVE-2017-12305
CVE-2017-12305 concerns Cisco IP Phone 8800 Series, where the debug interface is susceptible to a command injection due to insufficient input validation. The vulnerability enables an authenticated, local attacker to execute arbitrary commands by submitting additional input to the affected debug s...
CVE-2017-12328
The CVE-2017-12328 issue affects Cisco IP Phone 8800 Series devices, caused by incomplete input validation of SIP packet headers. An unauthenticated, remote attacker can send malformed SIP packets to trigger the SIP service to restart, dropping all active calls and causing a denial of service. Th...
CVE-2016-1421
Cisco IP Phones Web Application Buffer Overflow (CVE-2016-1421) affects Cisco IP Phone web servers. The issue stems from improper bounds checking in the HTTP request handling, enabling an unauthenticated, remote attacker to abuse a crafted request to execute code with root privileges or trigger a...
CVE-2018-0461
Cisco IP Phone 8800 Series Software is affected by CVE-2018-0461, an unauthenticated, remote arbitrary script injection vulnerability caused by insufficient validation of user-supplied data. An attacker can lure a user to click a malicious link or exploit via the device interface to execute scrip...
CVE-2016-1434
CVE-2016-1434 affects Cisco 8800 Series IP Phones running software 11.0(1). The issue is a directory-traversal vulnerability in the license/certificate upload interface, where insufficient input validation allows remote authenticated attackers to delete arbitrary files via an invalid file (Bug ID...
CVE-2017-6630
CVE-2017-6630 affects Cisco IP Phone 8851 with firmware 11.0(0.1). A remote, unauthenticated attacker can trigger a denial of service by sending manipulated CANCEL SIP messages due to an abnormal SIP handling in the device. Multiple sources (Cisco advisory Cisco-SA-20170517-sip, Tenable plugin, a...
CVE-2016-1403
CVE-2016-1403 affects Cisco IP 8800 Series Phones running firmware 11.0.1 and earlier. A vulnerability in the btcli CLI utility allows an authenticated, local attacker to inject commands and gain OS-level privileges due to insufficient input validation. Impact is local privilege escalation with p...
CVE-2016-1479
CVE-2016-1479 affects Cisco IP Phone 8800 Series running software 11.0(1). The issue is a DoS caused by memory corruption in the device’s web server when processing a crafted HTTP request. The root cause is improper validation of user-supplied input by the affected software. A remote, unauthentic...
CVE-2016-1476
Cisco IP Phone 8800 Series (software 11.0) is affected by CVE-2016-1476: a cross-site scripting (XSS) vulnerability in the web interface due to insufficient sanitization of parameter values. It can be exploited by remote authenticated users to inject arbitrary script/HTML via crafted parameters. ...
CVE-2016-1435
CVE-2016-1435 affects Cisco’s 8800 Series IP Phones running software 11.0(1) , where mounted-filesystem permissions are not properly enforced. The vulnerability allows local users with shell access to write to arbitrary files and potentially modify system content. The root cause is insufficient e...