VYPR

IP Phone

by Cisco Systems, Inc.

CVEs (21)

  • CVE-2020-3161CriKEVApr 15, 2020
    risk 0.85cvss 9.8epss 0.84

    A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper…

  • CVE-2023-20079CriMar 3, 2023
    risk 0.65cvss 9.8epss 0.10

    Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details…

  • CVE-2023-20078CriMar 3, 2023
    risk 0.65cvss 9.8epss 0.10

    Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details…

  • CVE-2020-3111HigFeb 5, 2020
    risk 0.57cvss 8.8epss 0.03

    A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when…

  • CVE-2024-20378HigMay 1, 2024
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the…

  • CVE-2024-20376HigMay 1, 2024
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input.…

  • CVE-2016-1421HigJun 10, 2016
    risk 0.49cvss 7.5epss 0.04

    A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the…

  • CVE-2005-3803HigNov 24, 2005
    risk 0.49cvss 7.5epss 0.02

    Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information.

  • CVE-2021-33478MedJul 22, 2021
    risk 0.44cvss 6.8epss 0.00

    The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain…

  • CVE-2023-20221MedAug 16, 2023
    risk 0.42cvss 6.5epss 0.00

    A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management…

  • CVE-2024-20357MedMay 1, 2024
    risk 0.38cvss 5.9epss 0.00

    A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could…

  • CVE-2021-34711MedOct 6, 2021
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted…

  • CVE-2022-20660MedJan 14, 2022
    risk 0.30cvss 4.6epss 0.00

    A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on…

  • CVE-2007-4459Aug 21, 2007
    risk 0.04cvss epss 0.14

    Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP firmware before 8.7(0), allows remote attackers to cause a denial of service (device reboot) via (1) a certain sequence of 10 invalid SIP INVITE and OPTIONS messages; or (2) a certain invalid SIP INVITE…

  • CVE-2007-5583Dec 18, 2007
    risk 0.03cvss epss 0.06

    Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.

  • CVE-2015-0751May 29, 2015
    risk 0.00cvss epss 0.02

    Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.

  • CVE-2008-4444Jan 16, 2009
    risk 0.00cvss epss 0.03

    Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with…

  • CVE-2005-4794Dec 31, 2005
    risk 0.00cvss epss 0.02

    Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset.

  • CVE-2005-3804Nov 24, 2005
    risk 0.00cvss epss 0.03

    Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service.

  • CVE-2002-0880Oct 4, 2002
    risk 0.00cvss epss 0.01

    Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) "jolt", (2) "jolt2", (3) "raped", (4) "hping2", (5) "bloop", (6) "bubonic", (7) "mutant", (8) "trash", and (9) "trash2."

Page 1 of 2