CVE-2017-6630
https://notcve.org/view.php?id=CVE-2017-6630
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795. • http://www.securityfocus.com/bid/98533 http://www.securitytracker.com/id/1038511 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip • CWE-399: Resource Management Errors •
CVE-2016-1469
https://notcve.org/view.php?id=CVE-2016-1469
The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows remote attackers to cause a denial of service (device outage) via a series of malformed HTTP requests, aka Bug ID CSCut67385. El marco de referencia HTTP en dispositivos Cisco SPA300, SPA500 y SPA51x permite a atacantes remotos provocar una denegación de servicio (interrupción del dispositivo) a través de una serie de peticiones HTTP mal formadas, vulnerabilidad también conocida como Bug ID CSCut67385. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160831-spa http://www.securityfocus.com/bid/92706 http://www.securitytracker.com/id/1036717 • CWE-399: Resource Management Errors •
CVE-2016-1476
https://notcve.org/view.php?id=CVE-2016-1476
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024. Vulnerabilidad de XSS en dispositivos Cisco IP Phone 8800 con software 11.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de parámetros manipulados, también conocido como Bug ID CSCuz03024. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800 http://www.securityfocus.com/bid/92404 http://www.securitytracker.com/id/1036595 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-1479
https://notcve.org/view.php?id=CVE-2016-1479
Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. Dispostivos Cisco IP Phone 8800 con software 11.0(1) permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria) a través de una petición HTTP manipulada, también conocido como Bug ID CSCuz03038. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp http://www.securityfocus.com/bid/92515 http://www.securitytracker.com/id/1036646 • CWE-20: Improper Input Validation •
CVE-2016-1435
https://notcve.org/view.php?id=CVE-2016-1435
Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. Teléfonos Cisco 8800 con software 11.0(1) no hace cumplir adecuadamente los permisos de montado en el sistema de archivos, lo que permite a usuarios locales escribir a los ficheros arbitrarios mediante el aprovechamiento de acceso shell, también conocido como Bug ID CSCuz03014. • http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp http://www.securitytracker.com/id/1036138 • CWE-264: Permissions, Privileges, and Access Controls •