Cisco Ip Phone 6861 Firmware vulnerabilities

CVE-2023-20078 [CRITICAL] CWE-121 CVE-2023-20078: Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allo Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2023-20079 [CRITICAL] CWE-121 CVE-2023-20079: Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allo Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

CVE-2022-20774 [MEDIUM] CWE-345 CVE-2022-20774: A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protection

CVE-2020-26141 [MEDIUM] CWE-354 CVE-2020-26141: An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementa An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.

CVE-2020-3111 [HIGH] CWE-20 CVE-2020-3111: A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulner

CVE-2019-16008 [MEDIUM] CWE-79 CVE-2019-16008: A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatfor A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the w