VYPR

Session Initiation Protocol \(sip\) Firmware

by Cisco Systems, Inc.

CVEs (19)

  • CVE-2022-20968Dec 8, 2022
    risk 0.01cvss epss 0.06

    A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of…

  • CVE-2025-20351Oct 15, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability…

  • CVE-2025-20350Oct 15, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due…

  • CVE-2025-20335Sep 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of…

  • CVE-2025-20336Sep 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability exists…

  • CVE-2025-20158Feb 19, 2025
    risk 0.00cvss epss 0.00

    A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative…

  • CVE-2021-1379Nov 18, 2024
    risk 0.00cvss epss 0.00

    Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP…

  • CVE-2024-20534Nov 6, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against…

  • CVE-2024-20533Nov 6, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against…

  • CVE-2024-20445Nov 6, 2024
    risk 0.00cvss epss 0.00

    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage…

  • CVE-2023-20265Nov 21, 2023
    risk 0.00cvss epss 0.00

    A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to…

  • CVE-2023-20018Jan 19, 2023
    risk 0.00cvss epss 0.01

    A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An…

  • CVE-2022-20660Jan 14, 2022
    risk 0.00cvss epss 0.00

    A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on…

  • CVE-2008-0531Feb 15, 2008
    risk 0.00cvss epss 0.03

    Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message.

  • CVE-2008-0529Feb 15, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.

  • CVE-2008-0528Feb 15, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote attackers to execute arbitrary code via a SIP message with crafted MIME data.

  • CVE-2008-0530Feb 15, 2008
    risk 0.00cvss epss 0.05

    Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response.

  • CVE-2008-0527Feb 15, 2008
    risk 0.00cvss epss 0.02

    The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a crafted HTTP request.

  • CVE-2008-0526Feb 15, 2008
    risk 0.00cvss epss 0.02

    Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP firmware allows remote attackers to cause a denial of service (reboot) via a long ICMP echo request (ping) packet.