20 matches found
CVE-2020-3161
The CVE-2020-3161 issue affects the web server used by Cisco IP Phones, where improper input validation of HTTP requests can allow an unauthenticated, remote attacker to execute code with root privileges or trigger a reload, causing a DoS. The vulnerability is tied to input validation flaws in th...
CVE-2019-1922
Cisco IP Phone 7800/8800 Series SIP handling is affected by a vulnerability in Cisco SIP IP Phone Software due to insufficient validation of SIP packets. An unauthenticated remote attacker can craft SIP replies during registration to trigger a DoS, causing the phone to reboot and fail registratio...
CVE-2023-20078
Cisco IP Phones (6800, 7800, 7900, 8800 series) web-based management interface contains multiple vulnerabilities due to insufficient input validation that can allow an unauthenticated attacker to execute arbitrary code (CVE-2023-20078) or cause a DoS (CVE-2023-20079). Cisco cites a command-inject...
CVE-2023-20079
CVE-2023-20079 affects Cisco IP Phones (6800/7800/7900/8800 series) via the web-based management interface. The root cause is insufficient validation of user-supplied input in the web UI, enabling an unauthenticated, remote attacker to trigger a denial-of-service condition (DoS). Public details i...
CVE-2019-16008
Cisco IP Phone 6800/7800/8800 Series with Multiplatform Firmware expose a cross-site scripting (XSS) vulnerability in the web‑based GUI due to insufficient input validation. An authenticated, remote attacker could entice a user to click a crafted link, allowing arbitrary script execution or acces...
CVE-2023-20018
CVE-2023-20018 affects Cisco IP Phone 7800 and 8800 Series through the web-based management interface. The issue is an authentication bypass caused by insufficient validation of user-supplied input, enabling an unauthenticated, remote attacker to access parts of the web interface that normally re...
CVE-2022-20968
Affected product/versions: Cisco IP Phone 7800 and 8800 Series firmware (prior to 14.2(1)). Vulnerability: Cisco Discovery Protocol (CDP) processing feature accepts crafted CDP packets due to insufficient input validation, enabling an unauthenticated, adjacent attacker to trigger a stack overflow...
CVE-2020-3111
CVE-2020-3111 is a Cisco CDP vulnerability in Cisco IP Phones that allows an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload (DoS) by sending crafted CDP packets. Root cause: missing checks when processing CDP messages in the Layer 2 CDP implemen...
CVE-2021-1379
CVE-2021-1379 affects Cisco IP Phone Series 68xx/78xx/88xx via Cisco Discovery Protocol and LLDP processing. Root cause: missing checks when handling Cisco Discovery Protocol or LLDP packets, allowing an unauthenticated, adjacent attacker (Layer 2) to execute code remotely or cause a reload, resu...
CVE-2022-20660
CVE-2022-20660 affects Cisco IP Phones where confidential data is stored unencrypted on flash memory. An unauthenticated, physical attacker could extract memory to obtain confidential information. Cisco has released software updates addressing this vulnerability; the Tenable/Cisco advisories conf...
CVE-2022-20774
CVE-2022-20774 affects Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware. The issue is an insufficient CSRF protection in the web-based management interface, enabling an unauthenticated attacker to induce a logged-in user to perform actions via a crafted link. Successful expl...
CVE-2021-34711
CVE-2021-34711 affects Cisco IP Phone software. A vulnerability in the debug shell allows an authenticated, local attacker to read arbitrary files on the device filesystem due to insufficient input validation. The issue is triggered by crafted input to a debug shell command. The impact is read ac...
CVE-2019-1635
CVE-2019-1635 affects Cisco IP Phone 7800 and 8800 Series SIP software. The issue is due to incomplete error handling when parsing XML data in SIP packets, allowing an unauthenticated, remote attacker to cause the phone to reload and experience a temporary DoS. The vulnerability applies to the ca...
CVE-2024-20445
CVE-2024-20445 affects Cisco Desk Phone 9800 Series, Cisco IP Phone 7800/8800 Series, and Cisco Video Phone 8875. The issue is improper storage of sensitive information in the web UI for SIP-based phone loads, allowing an unauthenticated, remote attacker to access sensitive data (including call r...
CVE-2021-33478
The CVE-2021-33478 issue concerns the TrustZone implementation in Broadcom MediaxChange firmware, affecting Cisco IP Phone and Wireless IP Phone devices. The vulnerability allows an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone TEE, with explo...
CVE-2019-1684
CVE-2019-1684 affects Cisco IP Phone 7800 and 8800 Series. The issue arises from missing length validation in the Cisco Discovery Protocol (CDP) / Link Layer Discovery Protocol (LLDP) header fields, allowing an unauthenticated, adjacent attacker to cause an affected phone to reload and experience...
CVE-2025-20336
CVE-2025-20336 affects Cisco Desk Phone 9800 Series, Cisco IP Phone 7800/8800 Series, and Cisco Video Phone 8875. The root cause is a directory permissions issue that can permit an unauthenticated, remote attacker to access sensitive information from the device. Exploitation requires Web Access t...
CVE-2025-20335
Cisco fixed a directory-permissions vulnerability affecting Desk Phone 9800 Series, IP Phone 7800/8800 Series, and Video Phone 8875 with SIP firmware. An unauthenticated, remote attacker could write arbitrary files to specific OS directories by sending crafted requests, exploiting weak directory ...
CVE-2025-20350
CVE-2025-20350 affects Cisco Desk Phone 9800 Series, Cisco IP Phone 7800/8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software. The issue is a stack/heap buffer overflow when the device processes HTTP input in the web UI, leading to a DoS where the device reloads. Exploitation requir...
CVE-2025-20351
CVE-2025-20351 affects Cisco Desk Phone 9800 Series, IP Phone 7800/8800 Series, and Video Phone 8875 running Cisco SIP Software. The web UI fails to sufficiently validate user-supplied input, enabling unauthenticated remote XSS when a user is persuaded to click a crafted link. Impact could includ...