CVE-2008-0529
https://notcve.org/view.php?id=CVE-2008-0529
Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command.
• http://secunia.com/advisories/28935
• http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml
• http://www.securityfocus.com/bid/27774
• http://www.securitytracker.com/id?1019410
• http://www.vupen.com/english/advisories/2008/0543
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40493
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-0530
https://notcve.org/view.php?id=CVE-2008-0530
Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response.
• http://secunia.com/advisories/28935
• http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml
• http://www.securityfocus.com/bid/27774
• http://www.securitytracker.com/id?1019406
• http://www.vupen.com/english/advisories/2008/0543
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40485
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2008-0531
https://notcve.org/view.php?id=CVE-2008-0531
Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message.
• http://secunia.com/advisories/28935
• http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml
• http://www.securityfocus.com/bid/27774
• http://www.securitytracker.com/id?1019411
• http://www.vupen.com/english/advisories/2008/0543
• https://exchange.xforce.ibmcloud.com/vulnerabilities/40498
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2007-5583 – Cisco Phone 7940 - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-5583
Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers to cause a denial of service ("486 Busy" responses or device reboot) via a sequence of SIP INVITE transactions in which the Request-URI lacks a user name, a different vulnerability than CVE-2007-4459.
• https://www.exploit-db.com/exploits/4692
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058837.html
• http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/058932.html
• http://seclists.org/fulldisclosure/2007/Dec/0196.html
• http://www.securityfocus.com/bid/26711
• http://www.securitytracker.com/id?1019059
• https://exchange.xforce.ibmcloud.com/vulnerabilities/38853
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2007-6190
https://notcve.org/view.php?id=CVE-2007-6190
The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.
• http://osvdb.org/40874
• http://secunia.com/advisories/27829
• http://securitytracker.com/id?1019006
• http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html
• http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf
• http://www.securityfocus.com/bid/26668
• http://www.vupen.com/english/advisories/2007/4036
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor