Cisco Small Business Ip Phones vulnerabilities

CVE-2021-1379 [MEDIUM] CWE-120 CVE-2021-1379: Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLD Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Ci

CVE-2024-20450 [CRITICAL] CWE-120 CVE-2024-20450: Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP pac

CVE-2024-20454 [CRITICAL] CWE-120 CVE-2024-20454: Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system with root privileges. These vulnerabilities exist because incoming HTTP pac

CVE-2024-20451 [HIGH] CWE-120 CVE-2024-20451: Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly. These vulnerabilities exist because HTTP packets are not properly checked for errors. An att

CVE-2023-20218 [MEDIUM] CWE-80 CVE-2023-20218: A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters ( A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software.

CVE-2023-20181 [MEDIUM] CWE-80 CVE-2023-20181: A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phone A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnera

CVE-2023-20126 [CRITICAL] CWE-306 CVE-2023-20126: A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could al A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an