Cisco Ip Phone 8821 Firmware vulnerabilities
10 known vulnerabilities affecting cisco/ip_phone_8821_firmware.
Total CVEs
10
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL2HIGH4MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2025-20350HIGHCVSS 7.5fixed in 11.0\(1\)v11.0\(0.7\)+6 more2025-10-15
CVE-2025-20350 [HIGH] CWE-121 CVE-2025-20350: A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series,
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attac
nvd
CVE-2025-20351MEDIUMCVSS 6.1fixed in 11.0\(1\)v11.0\(0.7\)+6 more2025-10-15
CVE-2025-20351 [MEDIUM] CWE-79 CVE-2025-20351: A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series,
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI.
This vulnerability exists because the web UI of an affected device does not sufficiently validate
nvd
CVE-2025-20336HIGHCVSS 7.5fixed in 11.0\(6\)v11.0\(6\)2025-09-03
CVE-2025-20336 [HIGH] CWE-200 CVE-2025-20336: A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 an
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability exists because the product exposes sensitive information to an actor that is not explici
nvd
CVE-2025-20335MEDIUMCVSS 5.3fixed in 11.0\(6\)v11.0\(6\)2025-09-03
CVE-2025-20335 [MEDIUM] CWE-284 CVE-2025-20335: A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 an
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.
This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerabil
nvd
CVE-2023-20018MEDIUMCVSS 6.5fixed in 14.1\(1\)sr22023-01-20
CVE-2023-20018 [MEDIUM] CWE-288 CVE-2023-20018: A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to th
nvd
CVE-2020-3161CRITICALCVSS 9.8KEVPoCv10.3\(1\)es14v11.0\(1\)+1 more2020-04-15
CVE-2020-3161 [CRITICAL] CWE-20 CVE-2020-3161: A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacke
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerabi
nvd
CVE-2019-1716CRITICALCVSS 9.8fixed in 11.0\(4\)sr32019-03-22
CVE-2019-1716 [CRITICAL] CWE-20 CVE-2019-1716: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user
nvd
CVE-2019-1764HIGHCVSS 8.8fixed in 11.0\(5\)2019-03-22
CVE-2019-1764 [HIGH] CWE-352 CVE-2019-1764: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An
nvd
CVE-2019-1763HIGHCVSS 7.5fixed in 11.0\(5\)2019-03-22
CVE-2019-1763 [HIGH] CWE-284 CVE-2019-1763: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it
nvd
CVE-2019-1765MEDIUMCVSS 6.5fixed in 11.0\(5\)2019-03-22
CVE-2019-1765 [MEDIUM] CWE-22 CVE-2019-1765: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by
nvd