Lucene search
K
CiscoIp Phone 8845 Firmware

20 matches found

CVE
CVE
added 2020/04/15 8:10 p.m.1071 views

CVE-2020-3161

The CVE-2020-3161 issue affects the web server used by Cisco IP Phones, where improper input validation of HTTP requests can allow an unauthenticated, remote attacker to execute code with root privileges or trigger a reload, causing a DoS. The vulnerability is tied to input validation flaws in th...

10CVSS9.5AI score0.83734EPSS
In wildWeb
CVE
CVE
added 2019/07/06 1:25 a.m.442 views

CVE-2019-1922

Cisco IP Phone 7800/8800 Series SIP handling is affected by a vulnerability in Cisco SIP IP Phone Software due to insufficient validation of SIP packets. An unauthenticated remote attacker can craft SIP replies during registration to trigger a DoS, causing the phone to reboot and fail registratio...

7.8CVSS6.3AI score0.01317EPSS
CVE
CVE
added 2023/03/03 12:0 a.m.225 views

CVE-2023-20078

Cisco IP Phones (6800, 7800, 7900, 8800 series) web-based management interface contains multiple vulnerabilities due to insufficient input validation that can allow an unauthenticated attacker to execute arbitrary code (CVE-2023-20078) or cause a DoS (CVE-2023-20079). Cisco cites a command-inject...

9.8CVSS9.9AI score0.10351EPSS
CVE
CVE
added 2023/03/03 12:0 a.m.167 views

CVE-2023-20079

CVE-2023-20079 affects Cisco IP Phones (6800/7800/7900/8800 series) via the web-based management interface. The root cause is insufficient validation of user-supplied input in the web UI, enabling an unauthenticated, remote attacker to trigger a denial-of-service condition (DoS). Public details i...

9.8CVSS9.2AI score0.10314EPSS
CVE
CVE
added 2020/01/26 4:45 a.m.145 views

CVE-2019-16008

Cisco IP Phone 6800/7800/8800 Series with Multiplatform Firmware expose a cross-site scripting (XSS) vulnerability in the web‑based GUI due to insufficient input validation. An authenticated, remote attacker could entice a user to click a crafted link, allowing arbitrary script execution or acces...

5.4CVSS5.2AI score0.00633EPSS
CVE
CVE
added 2023/01/19 1:35 a.m.145 views

CVE-2023-20018

CVE-2023-20018 affects Cisco IP Phone 7800 and 8800 Series through the web-based management interface. The issue is an authentication bypass caused by insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to access parts of the web interface that normally re...

8.6CVSS6.6AI score0.00613EPSS
CVE
CVE
added 2022/12/08 4:13 p.m.136 views

CVE-2022-20968

Affected product/versions: Cisco IP Phone 7800 and 8800 Series firmware (prior to 14.2(1)). Vulnerability: Cisco Discovery Protocol (CDP) processing feature accepts crafted CDP packets due to insufficient input validation, enabling an unauthenticated, adjacent attacker to trigger a stack overflow...

8.8CVSS8.9AI score0.06099EPSS
CVE
CVE
added 2020/02/05 5:40 p.m.119 views

CVE-2020-3111

CVE-2020-3111 is a Cisco CDP vulnerability in Cisco IP Phones that allows an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload (DoS) by sending crafted CDP packets. Root cause: missing checks when processing CDP messages in the Layer 2 CDP implemen...

8.8CVSS8.6AI score0.03095EPSS
CVE
CVE
added 2024/11/18 3:42 p.m.102 views

CVE-2021-1379

CVE-2021-1379 affects Cisco IP Phone Series 68xx/78xx/88xx via Cisco Discovery Protocol and LLDP processing. Root cause: missing checks when handling Cisco Discovery Protocol or LLDP packets, allowing an unauthenticated, adjacent attacker (Layer 2) to execute code remotely or cause a reload, resu...

6.5CVSS6.9AI score0.00315EPSS
CVE
CVE
added 2022/01/14 5:1 a.m.100 views

CVE-2022-20660

CVE-2022-20660 affects Cisco IP Phones where confidential data is stored unencrypted on flash memory. An unauthenticated, physical attacker could extract memory to obtain confidential information. Cisco has released software updates addressing this vulnerability; the Tenable/Cisco advisories conf...

4.6CVSS4.3AI score0.00351EPSS
CVE
CVE
added 2022/04/06 6:12 p.m.96 views

CVE-2022-20774

CVE-2022-20774 affects Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware. The issue is an insufficient CSRF protection in the web-based management interface, enabling an unauthenticated attacker to induce a logged-in user to perform actions via a crafted link. Successful expl...

8.1CVSS7.4AI score0.00383EPSS
CVE
CVE
added 2021/10/06 7:46 p.m.60 views

CVE-2021-34711

CVE-2021-34711 affects Cisco IP Phone software. A vulnerability in the debug shell allows an authenticated, local attacker to read arbitrary files on the device filesystem due to insufficient input validation. The issue is triggered by crafted input to a debug shell command. The impact is read ac...

5.5CVSS5.2AI score0.00258EPSS
CVE
CVE
added 2019/05/03 2:55 p.m.59 views

CVE-2019-1635

CVE-2019-1635 affects Cisco IP Phone 7800 and 8800 Series SIP software. The issue is due to incomplete error handling when parsing XML data in SIP packets, allowing an unauthenticated, remote attacker to cause the phone to reload and experience a temporary DoS. The vulnerability applies to the ca...

7.8CVSS7.6AI score0.01967EPSS
CVE
CVE
added 2024/11/06 4:29 p.m.57 views

CVE-2024-20445

CVE-2024-20445 affects Cisco Desk Phone 9800 Series, Cisco IP Phone 7800/8800 Series, and Cisco Video Phone 8875. The issue is improper storage of sensitive information in the web UI for SIP-based phone loads, allowing an unauthenticated, remote attacker to access sensitive data (including call r...

5.3CVSS5.2AI score0.0045EPSS
CVE
CVE
added 2021/07/22 4:53 p.m.52 views

CVE-2021-33478

The CVE-2021-33478 issue concerns the TrustZone implementation in Broadcom MediaxChange firmware, affecting Cisco IP Phone and Wireless IP Phone devices. The vulnerability allows an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone TEE, with explo...

6.8CVSS7AI score0.00304EPSS
CVE
CVE
added 2019/02/21 8:0 p.m.45 views

CVE-2019-1684

CVE-2019-1684 affects Cisco IP Phone 7800 and 8800 Series. The issue arises from missing length validation in the Cisco Discovery Protocol (CDP) / Link Layer Discovery Protocol (LLDP) header fields, allowing an unauthenticated, adjacent attacker to cause an affected phone to reload and experience...

6.5CVSS6.4AI score0.0064EPSS
CVE
CVE
added 2025/09/03 5:41 p.m.24 views

CVE-2025-20336

CVE-2025-20336 affects Cisco Desk Phone 9800 Series, Cisco IP Phone 7800/8800 Series, and Cisco Video Phone 8875. The root cause is a directory permissions issue that can permit an unauthenticated, remote attacker to access sensitive information from the device. Exploitation requires Web Access t...

7.5CVSS6.1AI score0.00349EPSS
CVE
CVE
added 2025/09/03 5:41 p.m.23 views

CVE-2025-20335

Cisco fixed a directory-permissions vulnerability affecting Desk Phone 9800 Series, IP Phone 7800/8800 Series, and Video Phone 8875 with SIP firmware. An unauthenticated, remote attacker could write arbitrary files to specific OS directories by sending crafted requests, exploiting weak directory ...

5.3CVSS6.7AI score0.00332EPSS
CVE
CVE
added 2025/10/15 4:15 p.m.18 views

CVE-2025-20350

CVE-2025-20350 affects Cisco Desk Phone 9800 Series, Cisco IP Phone 7800/8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software. The issue is a stack/heap buffer overflow when the device processes HTTP input in the web UI, leading to a DoS where the device reloads. Exploitation requir...

7.5CVSS6.9AI score0.00446EPSS
CVE
CVE
added 2025/10/15 4:15 p.m.18 views

CVE-2025-20351

CVE-2025-20351 affects Cisco Desk Phone 9800 Series, IP Phone 7800/8800 Series, and Video Phone 8875 running Cisco SIP Software. The web UI fails to sufficiently validate user-supplied input, enabling unauthenticated remote XSS when a user is persuaded to click a crafted link. Impact could includ...

6.1CVSS6.4AI score0.00262EPSS