Ip Phone 8800 Series Firmware

CVEs (9)

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-1403	Hig	0.51	7.8	0.00	Jun 4, 2016	CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.
CVE-2016-1479	Hig	0.49	7.5	0.01	Aug 22, 2016	Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038.
CVE-2016-1421	Hig	0.49	7.5	0.07	Jun 10, 2016	A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
CVE-2016-1435	Hig	0.46	7.0	0.00	Jun 23, 2016	Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.
CVE-2017-12305	Med	0.44	6.7	0.00	Nov 16, 2017	A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034.
CVE-2016-1434	Med	0.42	6.5	0.00	Jun 23, 2016	The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.
CVE-2017-12328	Med	0.38	5.8	0.01	Nov 30, 2017	A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590.
CVE-2017-6630	Med	0.35	5.3	0.01	May 22, 2017	A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795.
CVE-2016-1476	Med	0.35	5.4	0.00	Aug 22, 2016	Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.

CVE-2016-1403HigJun 4, 2016
risk 0.51cvss 7.8epss 0.00
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.
CVE-2016-1479HigAug 22, 2016
risk 0.49cvss 7.5epss 0.01
Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038.
CVE-2016-1421HigJun 10, 2016
risk 0.49cvss 7.5epss 0.07
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
CVE-2016-1435HigJun 23, 2016
risk 0.46cvss 7.0epss 0.00
Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.
CVE-2017-12305MedNov 16, 2017
risk 0.44cvss 6.7epss 0.00
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034.
CVE-2016-1434MedJun 23, 2016
risk 0.42cvss 6.5epss 0.00
The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.
CVE-2017-12328MedNov 30, 2017
risk 0.38cvss 5.8epss 0.01
A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590.
CVE-2017-6630MedMay 22, 2017
risk 0.35cvss 5.3epss 0.01
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795.
CVE-2016-1476MedAug 22, 2016
risk 0.35cvss 5.4epss 0.00
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.