Cisco Session Initiation Protocol Software vulnerabilities

13 known vulnerabilities affecting cisco/cisco_session_initiation_protocol_software.

Total CVEs
13
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM10

Vulnerabilities

Page 1 of 1
CVE-2025-20350HIGHCVSS 7.5v12.1(1)SR1v11.5(1)+94 more2025-10-15
CVE-2025-20350 [HIGH] CWE-121 CVE-2025-20350: A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attac
cvelistv5nvd
CVE-2025-20351MEDIUMCVSS 6.1v12.1(1)SR1v11.5(1)+96 more2025-10-15
CVE-2025-20351 [MEDIUM] CWE-79 CVE-2025-20351: A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web UI of an affected device does not sufficiently validate
cvelistv5nvd
CVE-2025-20336HIGHCVSS 7.5v12.1(1)SR1v11.5(1)+70 more2025-09-03
CVE-2025-20336 [HIGH] CWE-200 CVE-2025-20336: A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 an A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability exists because the product exposes sensitive information to an actor that is not explici
cvelistv5nvd
CVE-2025-20335MEDIUMCVSS 5.3v12.1(1)SR1v11.5(1)+94 more2025-09-03
CVE-2025-20335 [MEDIUM] CWE-284 CVE-2025-20335: A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 an A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerabil
cvelistv5nvd
CVE-2025-20158MEDIUMCVSS 4.4v3.1(1)v3.0(1)+7 more2025-02-19
CVE-2025-20158 [MEDIUM] CWE-200 CVE-2025-20158: A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by defau
cvelistv5nvd
CVE-2021-1379MEDIUMCVSS 6.5v9.0(3)v9.0(2)SR2+78 more2024-11-18
CVE-2021-1379 [MEDIUM] CWE-120 CVE-2021-1379: Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLD Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Ci
cvelistv5nvd
CVE-2024-20534MEDIUMCVSS 4.8v3.1(1)v3.0(1)+1 more2024-11-06
CVE-2024-20534 [MEDIUM] CWE-79 CVE-2024-20534: A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 S A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users. This vulnerability exists because the web UI of an affected device do
cvelistv5nvd
CVE-2024-20445MEDIUMCVSS 5.3v12.1(1)SR1v11.5(1)+61 more2024-11-06
CVE-2024-20445 [MEDIUM] CWE-200 CVE-2024-20445: A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (
cvelistv5nvd
CVE-2024-20533MEDIUMCVSS 4.8v3.1(1)v3.0(1)+1 more2024-11-06
CVE-2024-20533 [MEDIUM] CWE-79 CVE-2024-20533: A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 S A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users. This vulnerability exists because the web UI of an affected device do
cvelistv5nvd
CVE-2023-20265MEDIUMCVSS 5.4v9.3(1)v9.1(1)+7 more2023-11-21
CVE-2023-20265 [MEDIUM] CWE-79 CVE-2023-20265: A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could all A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit thi
cvelistv5nvd
CVE-2023-20018MEDIUMCVSS 6.5v9.3(4) 3rd Partyv9.3(4)SR3 3rd Party+73 more2023-01-20
CVE-2023-20018 [MEDIUM] CWE-288 CVE-2023-20018: A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to th
cvelistv5nvd
CVE-2022-20968HIGHCVSS 8.8v9.3(4) 3rd Partyv9.3(4)SR3 3rd Party+52 more2022-12-12
CVE-2022-20968 [HIGH] CWE-787 CVE-2022-20968: A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 S A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vu
cvelistv5nvd
CVE-2022-20660MEDIUMCVSS 4.6vn/a2022-01-14
CVE-2022-20660 [MEDIUM] CWE-312 CVE-2022-20660: A vulnerability in the information storage architecture of several Cisco IP Phone models could allow A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by phys
cvelistv5nvd