CVSS: 7.2EPSS: 0%CPEs: 12EXPL: 0CVE-2007-1072
https://notcve.org/view.php?id=CVE-2007-1072
The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063. El interfaz de linea de comando (CLI) en Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, y 7971G, con firmware 8.0(4)SR1 y anteriores permite a usuarios locales obtener privilegios o provocar denegación de servicio a través de vectores no especificados. NOTA: este asunto podría estar apalancada remotamente a través de CVE-2007-1063. • http://osvdb.org/33064 http://secunia.com/advisories/24262 http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml http://www.securityfocus.com/bid/22647 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 1%CPEs: 12EXPL: 0CVE-2007-1063
https://notcve.org/view.php?id=CVE-2007-1063
The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device. El servidor SSH en Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, y 7971G, con firmware 8.0(4)SR1 y anteriores, utiliza un nombre de usuario y contraseña fuertemente codificada, lo cual permite a atacantes remotos acceder al dispositivo. • http://osvdb.org/45246 http://secunia.com/advisories/24262 http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml http://www.securityfocus.com/bid/22647 http://www.securitytracker.com/id?1017681 http://www.vupen.com/english/advisories/2007/0689 https://exchange.xforce.ibmcloud.com/vulnerabilities/32627 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 4CVE-2006-0179 – Cisco IP Phone 7940 - Reboot (Denial of Service)
https://notcve.org/view.php?id=CVE-2006-0179
The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80. • https://www.exploit-db.com/exploits/1411 http://downloads.securityfocus.com/vulnerabilities/exploits/cisco_ip7940_dos.pl http://secunia.com/advisories/18479 http://securitytracker.com/id?1015488 http://www.cisco.com/warp/public/707/cisco-response-20060113-ip-phones.shtml http://www.osvdb.org/22469 http://www.securityfocus.com/bid/16200 http://www.vupen.com/english/advisories/2006/0202 https://exchange.xforce.ibmcloud.com/vulnerabilities/24117 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 12%CPEs: 8EXPL: 0CVE-2005-4794
https://notcve.org/view.php?id=CVE-2005-4794
Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. • http://secunia.com/advisories/15472 http://securitytracker.com/id?1014043 http://securitytracker.com/id?1014044 http://securitytracker.com/id?1014045 http://securitytracker.com/id?1014046 http://securitytracker.com/id? •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2005-3803
https://notcve.org/view.php?id=CVE-2005-3803
Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. Cisco IP Phone (VoIP) 7920 1.0(8) contiene ciertas cadenas de comunidad SNMP fijas que no pueden ser cambiadas, lo que permite a atacantes remotos obtener información sensible. • http://secunia.com/advisories/17604 http://securitytracker.com/id?1015232 http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml http://www.osvdb.org/20966 http://www.securityfocus.com/bid/15454 https://exchange.xforce.ibmcloud.com/vulnerabilities/23067 • CWE-798: Use of Hard-coded Credentials •