Lucene search
K
CiscoIp Phone 8800 Series Firmware

11 matches found

CVE
CVE
added 2016/04/21 10:0 a.m.128 views

CVE-2015-6360

CVE-2015-6360 affects libsrtp/libSRTP, with several advisories noting that the encryption-processing feature allows remote DoS via crafted SRTP packets. The root cause in the reports is improper handling of CSRC count and extension header length in RTP headers, leading to vulnerable RTP processin...

7.8CVSS7.1AI score0.08277EPSS
CVE
CVE
added 2017/11/16 7:0 a.m.72 views

CVE-2017-12305

CVE-2017-12305 concerns Cisco IP Phone 8800 Series, where the debug interface is susceptible to a command injection due to insufficient input validation. The vulnerability enables an authenticated, local attacker to execute arbitrary commands by submitting additional input to the affected debug s...

7.2CVSS6.8AI score0.00839EPSS
CVE
CVE
added 2017/11/30 9:0 a.m.69 views

CVE-2017-12328

The CVE-2017-12328 issue affects Cisco IP Phone 8800 Series devices, caused by incomplete input validation of SIP packet headers. An unauthenticated, remote attacker can send malformed SIP packets to trigger the SIP service to restart, dropping all active calls and causing a denial of service. Th...

5.8CVSS5.8AI score0.02133EPSS
CVE
CVE
added 2016/06/10 1:0 a.m.66 views

CVE-2016-1421

Cisco IP Phones Web Application Buffer Overflow (CVE-2016-1421) affects Cisco IP Phone web servers. The issue stems from improper bounds checking in the HTTP request handling, enabling an unauthenticated, remote attacker to abuse a crafted request to execute code with root privileges or trigger a...

7.5CVSS7.8AI score0.04117EPSS
CVE
CVE
added 2019/01/10 4:0 p.m.62 views

CVE-2018-0461

Cisco IP Phone 8800 Series Software is affected by CVE-2018-0461, an unauthenticated, remote arbitrary script injection vulnerability caused by insufficient validation of user-supplied data. An attacker can lure a user to click a malicious link or exploit via the device interface to execute scrip...

8.8CVSS7.9AI score0.01501EPSS
Web
CVE
CVE
added 2016/06/23 12:0 a.m.57 views

CVE-2016-1434

CVE-2016-1434 affects Cisco 8800 Series IP Phones running software 11.0(1). The issue is a directory-traversal vulnerability in the license/certificate upload interface, where insufficient input validation allows remote authenticated attackers to delete arbitrary files via an invalid file (Bug ID...

6.5CVSS6.3AI score0.00786EPSS
CVE
CVE
added 2017/05/22 1:0 a.m.54 views

CVE-2017-6630

CVE-2017-6630 affects Cisco IP Phone 8851 with firmware 11.0(0.1). A remote, unauthenticated attacker can trigger a denial of service by sending manipulated CANCEL SIP messages due to an abnormal SIP handling in the device. Multiple sources (Cisco advisory Cisco-SA-20170517-sip, Tenable plugin, a...

7.8CVSS5.3AI score0.02373EPSS
CVE
CVE
added 2016/06/04 2:0 p.m.53 views

CVE-2016-1403

CVE-2016-1403 affects Cisco IP 8800 Series Phones running firmware 11.0.1 and earlier. A vulnerability in the btcli CLI utility allows an authenticated, local attacker to inject commands and gain OS-level privileges due to insufficient input validation. Impact is local privilege escalation with p...

7.8CVSS7.8AI score0.0051EPSS
CVE
CVE
added 2016/08/22 10:0 a.m.51 views

CVE-2016-1479

CVE-2016-1479 affects Cisco IP Phone 8800 Series running software 11.0(1). The issue is a DoS caused by memory corruption in the device’s web server when processing a crafted HTTP request. The root cause is improper validation of user-supplied input by the affected software. A remote, unauthentic...

7.8CVSS7.3AI score0.02997EPSS
CVE
CVE
added 2016/08/22 10:0 a.m.50 views

CVE-2016-1476

Cisco IP Phone 8800 Series (software 11.0) is affected by CVE-2016-1476: a cross-site scripting (XSS) vulnerability in the web interface due to insufficient sanitization of parameter values. It can be exploited by remote authenticated users to inject arbitrary script/HTML via crafted parameters. ...

5.4CVSS5.1AI score0.00802EPSS
CVE
CVE
added 2016/06/23 12:0 a.m.45 views

CVE-2016-1435

CVE-2016-1435 affects Cisco’s 8800 Series IP Phones running software 11.0(1) , where mounted-filesystem permissions are not properly enforced. The vulnerability allows local users with shell access to write to arbitrary files and potentially modify system content. The root cause is insufficient e...

7CVSS6.8AI score0.00272EPSS