CVE-2017-6630
https://notcve.org/view.php?id=CVE-2017-6630
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795. • http://www.securityfocus.com/bid/98533 http://www.securitytracker.com/id/1038511 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip • CWE-399: Resource Management Errors •
CVE-2016-1476
https://notcve.org/view.php?id=CVE-2016-1476
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024. Vulnerabilidad de XSS en dispositivos Cisco IP Phone 8800 con software 11.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros manipulados, también conocido como Bug ID CSCuz03024. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800 http://www.securityfocus.com/bid/92404 http://www.securitytracker.com/id/1036595 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-1479
https://notcve.org/view.php?id=CVE-2016-1479
Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. Dispostivos Cisco IP Phone 8800 con software 11.0(1) permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria) a través de una petición HTTP manipulada, también conocido como Bug ID CSCuz03038. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp http://www.securityfocus.com/bid/92515 http://www.securitytracker.com/id/1036646 • CWE-20: Improper Input Validation •
CVE-2016-1435
https://notcve.org/view.php?id=CVE-2016-1435
Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. Teléfonos Cisco 8800 con software 11.0(1) no hace cumplir adecuadamente los permisos de montado en el sistema de archivos, lo que permite a usuarios locales escribir a los ficheros arbitrarios mediante el aprovechamiento de acceso shell, también conocido como Bug ID CSCuz03014. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp http://www.securitytracker.com/id/1036138 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-1434
https://notcve.org/view.php?id=CVE-2016-1434
The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. La funcionalidad license-certificate upload en teléfonos Cisco 8800 con software 11.0(1) permite a usuarios remotos autenticados borrar archivos arbitrarios a través de un archivo inválido, también conocido como Bug ID CSCuz03010. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phone http://www.securitytracker.com/id/1036139 • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •