CVE-2022-20817 – Cisco IP Phone Duplicate Key Vulnerability
https://notcve.org/view.php?id=CVE-2022-20817
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVE-2021-34710 – Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34710
Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Software de Cisco ATA 190 Series Analog Telephone Adapter podrían permitir a un atacante llevar a cabo un ataque de inyección de comandos que resultara en una ejecución de código remota o causar una condición de denegación de servicio (DoS) en un dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Details de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2021-34735 – Cisco ATA 190 Series Analog Telephone Adapter Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34735
Multiple vulnerabilities in the Cisco ATA 190 Series Analog Telephone Adapter Software could allow an attacker to perform a command injection attack resulting in remote code execution or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Múltiples vulnerabilidades en el Software de Cisco ATA 190 Series Analog Telephone Adapter podrían permitir a un atacante llevar a cabo un ataque de inyección de comandos resultando en una ejecución de código remota o causar una condición de denegación de servicio (DoS) en un dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Details de este aviso • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-A4J57F3 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2013-1111
https://notcve.org/view.php?id=CVE-2013-1111
The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and 9.2.3.1 before ES build 4 does not properly implement access control, which allows remote attackers to execute operating-system commands via vectors involving a session on TCP port 7870, aka Bug ID CSCtz67038. El Cisco ATA 187 Analog Telephone Adaptor con el firmware v9.2.1.0 y v9.2.3.1 antes ES build 4 no aplica correctamente el control de acceso, lo que permite a atacantes remotos ejecutar comandos del sistema operativo a través de vectores relacionados con una sesión en el puerto TCP 7870, ID de error también conocido como CSCtz67038. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130206-ata187 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2005-4794
https://notcve.org/view.php?id=CVE-2005-4794
Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. • http://secunia.com/advisories/15472 http://securitytracker.com/id?1014043 http://securitytracker.com/id?1014044 http://securitytracker.com/id?1014045 http://securitytracker.com/id?1014046 http://securitytracker.com/id? •