CVE-2018-0332
https://notcve.org/view.php?id=CVE-2018-0332
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945. • http://www.securityfocus.com/bid/104445 http://www.securitytracker.com/id/1041074 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos • CWE-399: Resource Management Errors •
CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp http://www.debian.org/security/2016/dsa-3539 http://www.securitytracker.com/id/1035636 http://www.securitytracker.com/id/1035637 http://www.securitytracker.com/id/1035648 http://www.securitytracker.com/id/1035649 http://www.securitytracker.com/id/1035650 http://www.securitytracker.com/id/1035651 http://www.securitytracker.com/id/1035652 https://access.redhat.com/security/cve/CVE-2015-6360 http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-0600
https://notcve.org/view.php?id=CVE-2015-0600
The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. La extensión de movilidad en los teléfonos Cisco Unified IP 9900 con firmware 9.4(.1) y anteriores permite a atacantes remotos causar una denegación de servicio (cierre de sesión) a través de paquetes manipulados, también conocido como Bug ID CSCuq12139. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0600 http://tools.cisco.com/security/center/viewAlert.x?alertId=37341 http://www.securityfocus.com/bid/72481 https://exchange.xforce.ibmcloud.com/vulnerabilities/100726 • CWE-20: Improper Input Validation •
CVE-2015-0602
https://notcve.org/view.php?id=CVE-2015-0602
The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. La extensión de movilidad en los teléfonos Cisco Unified IP 9900 con firmware 9.4(.1) y anteriores permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red, también conocido como Bug ID CSCuq12117. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0602 http://tools.cisco.com/security/center/viewAlert.x?alertId=37342 http://www.securityfocus.com/bid/72482 https://exchange.xforce.ibmcloud.com/vulnerabilities/100615 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-0603
https://notcve.org/view.php?id=CVE-2015-0603
Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474. Los teléfonos Cisco Unified IP 9900 con firmware 9.4(.1) y anteriores utilizan permisos débiles para ficheros no especificados, lo que permite a usuarios locales causar una denegación de servicio (cuelgue persistente o reinicio) mediante la escritura al sistema de ficheros de un teléfono, también conocido como Bug ID CSCup90474. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0603 http://tools.cisco.com/security/center/viewAlert.x?alertId=37345 http://www.securityfocus.com/bid/72484 https://exchange.xforce.ibmcloud.com/vulnerabilities/100619 • CWE-264: Permissions, Privileges, and Access Controls •