CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6630
https://notcve.org/view.php?id=CVE-2017-6630
22 May 2017 — A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795. • http://www.securityfocus.com/bid/98533 • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1469
https://notcve.org/view.php?id=CVE-2016-1469
12 Sep 2016 — The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. El marco de referencia HTTP en dispositivos Cisco SPA300, SPA500 y SPA51x permite a atacantes remotos provocar una denegación de servicio (interrupción del dispositivo) a través de una serie de peticiones HTTP mal formadas, vulnerabilidad también conocida como Bug ID CSCut67385. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-spa • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1479
https://notcve.org/view.php?id=CVE-2016-1479
22 Aug 2016 — Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. Dispostivos Cisco IP Phone 8800 con software 11.0(1) permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria) a través de una petición HTTP manipulada, también conocido como Bug ID CSCuz03038. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1476
https://notcve.org/view.php?id=CVE-2016-1476
22 Aug 2016 — Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024. Vulnerabilidad de XSS en dispositivos Cisco IP Phone 8800 con software 11.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros manipulados, también conocido como Bug ID CSCuz03024. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1434
https://notcve.org/view.php?id=CVE-2016-1434
23 Jun 2016 — The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. La funcionalidad license-certificate upload en teléfonos Cisco 8800 con software 11.0(1) permite a usuarios remotos autenticados borrar archivos arbitrarios a través de un archivo inválido, también conocido como Bug ID CSCuz03010. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phone • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1435
https://notcve.org/view.php?id=CVE-2016-1435
23 Jun 2016 — Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. Teléfonos Cisco 8800 con software 11.0(1) no hace cumplir adecuadamente los permisos de montado en el sistema de archivos, lo que permite a usuarios locales escribir a los ficheros arbitrarios mediante el aprovechamiento de acceso shell, también conocido como Bug ID CSCuz03014. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2016-1421
https://notcve.org/view.php?id=CVE-2016-1421
10 Jun 2016 — A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely ex... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2016-1403
https://notcve.org/view.php?id=CVE-2016-1403
04 Jun 2016 — CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. Teléfonos CISCO IP 8800 con software 11.0.1 y versiones anteriores permite a usuarios locales obtener privilegios para para la ejecución de comandos SO a través de comandos CLI manipulados, también conocida como Bug ID CSCuz03005. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 2%CPEs: 291EXPL: 0CVE-2015-6360 – libsrtp: improper handling of CSRC count and extension header length in RTP header
https://notcve.org/view.php?id=CVE-2015-6360
04 Apr 2016 — The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. La característica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegación de servicio a través de campos manipulados en paquetes SRTP, también conocida como Bug ID CSCux00686. Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation o... • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0751
https://notcve.org/view.php?id=CVE-2015-0751
29 May 2015 — Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. Cisco IP Phone 7861, cuando firmware de Cisco Unified Communications Manager 10.3(1) está utilizado, permite a atacantes remotos causar una denegación de servicio a través de paquetes manipulados, también conocido como Bug ID CSCus81800. • http://tools.cisco.com/security/center/viewAlert.x?alertId=39011 • CWE-20: Improper Input Validation CWE-399: Resource Management Errors •