CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0CVE-2018-0332
https://notcve.org/view.php?id=CVE-2018-0332
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945. • http://www.securityfocus.com/bid/104445 http://www.securitytracker.com/id/1041074 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 2%CPEs: 291EXPL: 0CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp http://www.debian.org/security/2016/dsa-3539 http://www.securitytracker.com/id/1035636 http://www.securitytracker.com/id/1035637 http://www.securitytracker.com/id/1035648 http://www.securitytracker.com/id/1035649 http://www.securitytracker.com/id/1035650 http://www.securitytracker.com/id/1035651 http://www.securitytracker.com/id/1035652 https://access.redhat.com/security/cve/CVE-2015-6360 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0751
https://notcve.org/view.php?id=CVE-2015-0751
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. Cisco IP Phone 7861, cuando firmware de Cisco Unified Communications Manager 10.3(1) está utilizado, permite a atacantes remotos causar una denegación de servicio a través de paquetes manipulados, también conocido como Bug ID CSCus81800. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39011 http://www.securitytracker.com/id/1032407 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0602
https://notcve.org/view.php?id=CVE-2015-0602
The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. La extensión de movilidad en los teléfonos Cisco Unified IP 9900 con firmware 9.4(.1) y anteriores permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red, también conocido como Bug ID CSCuq12117. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0602 http://tools.cisco.com/security/center/viewAlert.x?alertId=37342 http://www.securityfocus.com/bid/72482 https://exchange.xforce.ibmcloud.com/vulnerabilities/100615 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0600
https://notcve.org/view.php?id=CVE-2015-0600
The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. La extensión de movilidad en los teléfonos Cisco Unified IP 9900 con firmware 9.4(.1) y anteriores permite a atacantes remotos causar una denegación de servicio (cierre de sesión) a través de paquetes manipulados, también conocido como Bug ID CSCuq12139. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0600 http://tools.cisco.com/security/center/viewAlert.x?alertId=37341 http://www.securityfocus.com/bid/72481 https://exchange.xforce.ibmcloud.com/vulnerabilities/100726 • CWE-20: Improper Input Validation •