Cisco Video Phone 8875 Firmware vulnerabilities
9 known vulnerabilities affecting cisco/video_phone_8875_firmware.
Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM6
Vulnerabilities
Page 1 of 1
CVE-2025-20350HIGHCVSS 7.5fixed in 2.3\(1\)≥ 3.0\(1\), ≤ 3.2\(1\)+1 more2025-10-15
CVE-2025-20350 [HIGH] CWE-121 CVE-2025-20350: A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series,
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attac
nvd
CVE-2025-20351MEDIUMCVSS 6.1fixed in 2.3\(1\)≥ 3.0\(1\), ≤ 3.2\(1\)+1 more2025-10-15
CVE-2025-20351 [MEDIUM] CWE-79 CVE-2025-20351: A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series,
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI.
This vulnerability exists because the web UI of an affected device does not sufficiently validate
nvd
CVE-2025-20336HIGHCVSS 7.5fixed in 2.3\(1\)≥ 3.0\(1\), < 3.3\(1\)+1 more2025-09-03
CVE-2025-20336 [HIGH] CWE-200 CVE-2025-20336: A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 an
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability exists because the product exposes sensitive information to an actor that is not explici
nvd
CVE-2025-20335MEDIUMCVSS 5.3fixed in 2.3\(1\)≥ 3.0\(1\), < 3.3\(1\)+1 more2025-09-03
CVE-2025-20335 [MEDIUM] CWE-284 CVE-2025-20335: A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 an
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.
This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerabil
nvd
CVE-2025-20158MEDIUMCVSS 4.4fixed in 3.3\(1\)2025-02-19
CVE-2025-20158 [MEDIUM] CWE-200 CVE-2025-20158: A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could
A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by defau
nvd
CVE-2024-20445MEDIUMCVSS 5.3fixed in 2.3\(1\)v2.3\(1\)2024-11-06
CVE-2024-20445 [MEDIUM] CWE-200 CVE-2024-20445: A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series,
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (
nvd
CVE-2024-20376HIGHCVSS 7.5fixed in 2.3.1.01012024-05-01
CVE-2024-20376 [HIGH] CWE-787 CVE-2024-20376: A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unau
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to t
nvd
CVE-2024-20357MEDIUMCVSS 5.9fixed in 2.3.1.01012024-05-01
CVE-2024-20357 [MEDIUM] CWE-787 CVE-2024-20357: A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote
A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device.
This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device.
nvd
CVE-2023-20221MEDIUMCVSS 6.5fixed in 2.02023-08-16
CVE-2023-20221 [MEDIUM] CWE-352 CVE-2023-20221: A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system.
This vulnerability is due to insufficient CSRF
nvd