CVE-2008-0529
https://notcve.org/view.php?id=CVE-2008-0529
Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G running SCCP firmware might allow remote authenticated users to execute arbitrary code via a crafted command. Desbordamiento de búfer en el servidor de telnet de Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, y 7971G ejecutándose en un software empotrado (firmware) SCCP, puede que permita a usuarios autenticados remotamente ejecutar código de su elección mediante un comando manipulado. • http://secunia.com/advisories/28935 http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml http://www.securityfocus.com/bid/27774 http://www.securitytracker.com/id?1019410 http://www.vupen.com/english/advisories/2008/0543 https://exchange.xforce.ibmcloud.com/vulnerabilities/40493 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0530
https://notcve.org/view.php?id=CVE-2008-0530
Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP and SIP firmware might allow remote attackers to execute arbitrary code via a crafted DNS response. Desbordamiento de búfer en los teléfonos Cisco Unified IP Phone 7940, 7940G, 7960 y 7960G ejecutándose en los software empotrados (firmware) SCCP y SIP, puede que permitan a atacantes remotos ejecutar código de su elección mediante una respuesta de DNS manipulada. • http://secunia.com/advisories/28935 http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml http://www.securityfocus.com/bid/27774 http://www.securitytracker.com/id?1019406 http://www.vupen.com/english/advisories/2008/0543 https://exchange.xforce.ibmcloud.com/vulnerabilities/40485 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-0531
https://notcve.org/view.php?id=CVE-2008-0531
Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message. Desbordamiento de búfer basado en montículo en los teléfonos Cisco Unified IP Phone 7940, 7940G, 7960 y 7960G ejecutándose en un software empotrado (firmware) SIP, puede que permita a servidores SIP remotos ejecutar código de su elección mediante un mensaje de desafío/respuesta. • http://secunia.com/advisories/28935 http://www.cisco.com/en/US/products/products_security_advisory09186a0080949c7a.shtml http://www.securityfocus.com/bid/27774 http://www.securitytracker.com/id?1019411 http://www.vupen.com/english/advisories/2008/0543 https://exchange.xforce.ibmcloud.com/vulnerabilities/40498 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-6190
https://notcve.org/view.php?id=CVE-2007-6190
The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream. El demonio HTTP en el teléfono Cisco Unified IPD Phone, cuando la funcionalidad de Movilidad de Extensión (Extension Mobility) está habilitada, permite a usuarios autenticados remotamente de otros teléfonos asociados con el mismo servidor CUCM escuchar el entorno físico sin ser detectados mediante un mensaje CiscoIPPhoneExecute que contenga un atributo URL de un elemento ExecuteItem que especifica un flujo de audio en el protocolo RTP (Real-Time Transport Protocol). • http://osvdb.org/40874 http://secunia.com/advisories/27829 http://securitytracker.com/id?1019006 http://www.cisco.com/en/US/products/products_security_response09186a0080903a6d.html http://www.hack.lu/pres/hacklu07_Remote_wiretapping.pdf http://www.securityfocus.com/bid/26668 http://www.vupen.com/english/advisories/2007/4036 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2007-1072
https://notcve.org/view.php?id=CVE-2007-1072
The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063. El interfaz de linea de comando (CLI) en Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, y 7971G, con firmware 8.0(4)SR1 y anteriores permite a usuarios locales obtener privilegios o provocar denegación de servicio a través de vectores no especificados. NOTA: este asunto podría estar apalancada remotamente a través de CVE-2007-1063. • http://osvdb.org/33064 http://secunia.com/advisories/24262 http://www.cisco.com/warp/public/707/cisco-air-20070221-phone.shtml http://www.cisco.com/warp/public/707/cisco-sa-20070221-phone.shtml http://www.securityfocus.com/bid/22647 • CWE-264: Permissions, Privileges, and Access Controls •