Cisco IP Phone 8800 Firmware vulnerabilities

9 known vulnerabilities affecting cisco/ip_phone_8800_firmware.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 4

Vulnerabilities

CVE-2023-20018 | MEDIUM | CVSS 6.5 | fixed in 14.1(1)sr2 | 2023-01-20
CVE-2023-20018 [HIGH] CWE-288: A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the
nvd
CVE-2021-33478 | MEDIUM | CVSS 6.8 | fixed in 14.0(1) | 2021-07-22
CVE-2021-33478 [MEDIUM] CWE-119: The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploi
nvd
CVE-2019-1716 | CRITICAL | CVSS 9.8 | fixed in 12.5(1)sr1 | 2019-03-22
CVE-2019-1716 [HIGH] CWE-20: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-sup
nvd
CVE-2019-1764 | HIGH | CVSS 8.8 | fixed in 12.5(1)sr1 | 2019-03-22
CVE-2019-1764 [HIGH] CWE-352: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An
nvd
CVE-2019-1763 | HIGH | CVSS 7.5 | fixed in 12.5(1)sr1 | 2019-03-22
CVE-2019-1763 [HIGH] CWE-284: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it
nvd
CVE-2019-1766 | HIGH | CVSS 7.5 | fixed in 12.5(1)sr1 | 2019-03-22
CVE-2019-1766 [HIGH] CWE-20: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of cer
nvd
CVE-2019-1765 | MEDIUM | CVSS 6.5 | fixed in 12.5(1)sr1 | 2019-03-22
CVE-2019-1765 [HIGH] CWE-22: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by up
nvd
CVE-2019-1684 | MEDIUM | CVSS 6.5 | fixed in 12.6(1)mn80 | 2019-02-21
CVE-2019-1684 [MEDIUM] CWE-399: A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to missing length va
nvd
CVE-2018-0325 | HIGH | CVSS 7.5 | v9.4(2)sr4, v10.3(1)sr4 | 2018-05-17
CVE-2018-0325 [HIGH] CWE-20: A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to incomplete input validation of SIP Session Descriptio
nvd