IP Phone
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-28065 | Med | 0.38 | 5.9 | 0.00 | Apr 5, 2024 | In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash. | ||
| CVE-2020-3161 | 0.22 | — | 0.87 | KEV | Apr 15, 2020 | A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper… | ||
| CVE-2024-20376 | 0.00 | — | 0.01 | May 1, 2024 | A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input.… | |||
| CVE-2024-20378 | 0.00 | — | 0.01 | May 1, 2024 | A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the… | |||
| CVE-2024-28066 | 0.00 | — | 0.00 | Apr 8, 2024 | In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password). | |||
| CVE-2022-20660 | 0.00 | — | 0.00 | Jan 14, 2022 | A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on… | |||
| CVE-2021-34711 | 0.00 | — | 0.00 | Oct 6, 2021 | A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted… | |||
| CVE-2020-3111 | 0.00 | — | 0.00 | Feb 5, 2020 | A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when… | |||
| CVE-2002-0881 | 0.00 | — | 0.00 | Oct 4, 2002 | Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings. | |||
| CVE-2002-0882 | 0.00 | — | 0.02 | Oct 4, 2002 | The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the… | |||
| CVE-2002-0880 | 0.00 | — | 0.01 | Oct 4, 2002 | Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) "jolt", (2) "jolt2", (3) "raped", (4) "hping2", (5) "bloop", (6) "bubonic", (7) "mutant", (8) "trash", and (9) "trash2." |
- risk 0.38cvss 5.9epss 0.00
In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash.
- risk 0.22cvss —epss 0.87
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper…
- CVE-2024-20376May 1, 2024risk 0.00cvss —epss 0.01
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input.…
- CVE-2024-20378May 1, 2024risk 0.00cvss —epss 0.01
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the…
- CVE-2024-28066Apr 8, 2024risk 0.00cvss —epss 0.00
In Unify CP IP Phone firmware 1.10.4.3, Weak Credentials are used (a hardcoded root password).
- CVE-2022-20660Jan 14, 2022risk 0.00cvss —epss 0.00
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on…
- CVE-2021-34711Oct 6, 2021risk 0.00cvss —epss 0.00
A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted…
- CVE-2020-3111Feb 5, 2020risk 0.00cvss —epss 0.00
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when…
- CVE-2002-0881Oct 4, 2002risk 0.00cvss —epss 0.00
Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default administrative password, which allows attackers with physical access to the phone to modify the configuration settings.
- CVE-2002-0882Oct 4, 2002risk 0.00cvss —epss 0.02
The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allows remote attackers to cause a denial of service (reset) and possibly read sensitive memory via a large integer value in (1) the stream ID of the StreamingStatistics script, or (2) the port ID of the…
- CVE-2002-0880Oct 4, 2002risk 0.00cvss —epss 0.01
Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) "jolt", (2) "jolt2", (3) "raped", (4) "hping2", (5) "bloop", (6) "bubonic", (7) "mutant", (8) "trash", and (9) "trash2."