Lucene search
+L
CiscoIp Phone 8821 Firmware

14 matches found

CVE
CVE
added 2020/04/15 8:10 p.m.1074 views

CVE-2020-3161

The CVE-2020-3161 issue affects the web server used by Cisco IP Phones, where improper input validation of HTTP requests can allow an unauthenticated, remote attacker to execute code with root privileges or trigger a reload, causing a DoS. The vulnerability is tied to input validation flaws in th...

10CVSS9.5AI score0.83734EPSS
In wildWeb
CVE
CVE
added 2021/05/11 12:0 a.m.665 views

CVE-2020-24587

CVE-2020-24587 is referenced in the Amazon Linux 2 kernel advisory for Kernel-5.10-2022-002. The connected document confirms a flaw in the Linux kernel 802.11 wifi fragmentation handling where fragments encrypted under different keys can be reassembled and decrypted, enabling an attacker within w...

2.6CVSS6.2AI score0.02592EPSS
In wild
CVE
CVE
added 2021/05/11 12:0 a.m.621 views

CVE-2020-24588

The CVE-2020-24588 entry relates to the 802.11 Wi‑Fi fragmentation/ A‑MSDU handling issue where the plaintext QoS header flag isn’t authenticated, enabling an attacker to inject packets by sending non‑SSP A‑MSDU frames (FragAttacks). Connected Astra Linux advisories describe this as a variant of ...

3.5CVSS6.4AI score0.03537EPSS
CVE
CVE
added 2021/05/11 7:37 p.m.398 views

CVE-2020-26139

CVE-2020-26139 affects NetBSD 7.1 kernel as described in connected documents. An Access Point forwards EAPOL frames to other clients before the sender has successfully authenticated, which may enable denial-of-service attacks against connected clients in Wi‑Fi networks and could facilitate exploi...

5.3CVSS6.5AI score0.06487EPSS
CVE
CVE
added 2021/05/11 7:34 p.m.338 views

CVE-2020-26140

The CVE-2020-26140 entry is covered in ARISTA Security Advisory 0063, which groups it under the FragAttacks fragmentation/aggregation vulnerabilities. The advisory states that plaintext data frames are accepted on encrypted networks, enabling packet injection. Fixes are provided as platform-speci...

6.5CVSS6.7AI score0.02923EPSS
CVE
CVE
added 2023/01/19 1:35 a.m.146 views

CVE-2023-20018

CVE-2023-20018 affects Cisco IP Phone 7800 and 8800 Series through the web-based management interface. The issue is an authentication bypass caused by insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to access parts of the web interface that normally re...

8.6CVSS6.6AI score0.00613EPSS
CVE
CVE
added 2019/03/22 8:5 p.m.69 views

CVE-2019-1716

CVE-2019-1716 affects Cisco IP Phone 7800 Series and 8800 Series via the web-based SIP management interface. An unauthenticated attacker can leverage improper input validation during user authentication over HTTP to trigger a device reload (DoS) or execute arbitrary code with the app user’s privi...

9.8CVSS9.2AI score0.0311EPSS
CVE
CVE
added 2019/03/22 8:5 p.m.61 views

CVE-2019-1763

Summary: CVE-2019-1763 is a Cisco IP Phone 8800 Series authorization bypass vulnerability in the SIP web-based management interface, caused by improper URL sanitization. An unauthenticated, remote attacker could bypass authorization, access critical services, and cause a DoS. Affected are IP Phon...

7.5CVSS7.7AI score0.01939EPSS
CVE
CVE
added 2019/03/22 8:5 p.m.60 views

CVE-2019-1765

CVE-2019-1765 affects Cisco IP Phone 8800 Series SIP Software. The web-based management interface vulnerability arises from insufficient input validation and file-level permissions, allowing an authenticated, remote attacker to upload invalid files and write files to arbitrary locations on the de...

8.1CVSS7.1AI score0.01366EPSS
CVE
CVE
added 2019/03/22 8:5 p.m.52 views

CVE-2019-1764

CVE-2019-1764 affects Cisco IP Phone 8800 Series SIP Software with insufficient CSRF protections in the web-based management interface. An unauthenticated attacker can induce an authenticated user to follow a crafted link, enabling arbitrary actions on the device via a browser with the user’s pri...

8.8CVSS8.4AI score0.00698EPSS
CVE
CVE
added 2025/09/03 5:41 p.m.25 views

CVE-2025-20335

Cisco fixed a directory-permissions vulnerability affecting Desk Phone 9800 Series, IP Phone 7800/8800 Series, and Video Phone 8875 with SIP firmware. An unauthenticated, remote attacker could write arbitrary files to specific OS directories by sending crafted requests, exploiting weak directory ...

5.3CVSS6.7AI score0.00332EPSS
CVE
CVE
added 2025/09/03 5:41 p.m.24 views

CVE-2025-20336

CVE-2025-20336 affects Cisco Desk Phone 9800 Series, Cisco IP Phone 7800/8800 Series, and Cisco Video Phone 8875. The root cause is a directory permissions issue that can permit an unauthenticated, remote attacker to access sensitive information from the device. Exploitation requires Web Access t...

7.5CVSS6.1AI score0.00349EPSS
CVE
CVE
added 2025/10/15 4:15 p.m.20 views

CVE-2025-20350

CVE-2025-20350 affects Cisco Desk Phone 9800 Series, Cisco IP Phone 7800/8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software. The issue is a stack/heap buffer overflow when the device processes HTTP input in the web UI, leading to a DoS where the device reloads. Exploitation requir...

7.5CVSS6.9AI score0.00446EPSS
CVE
CVE
added 2025/10/15 4:15 p.m.19 views

CVE-2025-20351

CVE-2025-20351 affects Cisco Desk Phone 9800 Series, IP Phone 7800/8800 Series, and Video Phone 8875 running Cisco SIP Software. The web UI fails to sufficiently validate user-supplied input, enabling unauthenticated remote XSS when a user is persuaded to click a crafted link. Impact could includ...

6.1CVSS6.4AI score0.00268EPSS