CVSS: 7.4EPSS: 0%CPEs: 22EXPL: 0CVE-2022-20817 – Cisco IP Phone Duplicate Key Vulnerability
https://notcve.org/view.php?id=CVE-2022-20817
15 Jun 2022 — A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 5.3EPSS: 0%CPEs: 74EXPL: 0CVE-2020-3360 – Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3360
18 Jun 2020 — A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sen... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 2%CPEs: 36EXPL: 0CVE-2018-0332
https://notcve.org/view.php?id=CVE-2018-0332
07 Jun 2018 — A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phon... • http://www.securityfocus.com/bid/104445 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0600
https://notcve.org/view.php?id=CVE-2015-0600
07 Feb 2015 — The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. La extensión de movilidad en los teléfonos Cisco Unified IP 9900 con firmware 9.4(.1) y anteriores permite a atacantes remotos causar una denegación de servicio (cierre de sesión) a través de paquetes manipulados, también conocido como Bug ID CSCuq12139. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0600 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0602
https://notcve.org/view.php?id=CVE-2015-0602
07 Feb 2015 — The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. La extensión de movilidad en los teléfonos Cisco Unified IP 9900 con firmware 9.4(.1) y anteriores permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red, también conocido como Bug ID CSCuq12117. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0602 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0601
https://notcve.org/view.php?id=CVE-2015-0601
07 Feb 2015 — Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790. Los teléfonos Cisco Unified IP 9900 con firmware 9.4(.1) y anteriores permiten a usuarios locales causar una denegación de servicio (recarga del dispositivo) a través de comandos manipulados, también conocido como Bug ID CSCup92790. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0601 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0603
https://notcve.org/view.php?id=CVE-2015-0603
07 Feb 2015 — Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474. Los teléfonos Cisco Unified IP 9900 con firmware 9.4(.1) y anteriores utilizan permisos débiles para ficheros no especificados, lo que permite a usuarios locales causar una denegación de servicio (cuelgue persistente o reinicio) mediante la escritura al sistema de... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0603 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0604
https://notcve.org/view.php?id=CVE-2015-0604
07 Feb 2015 — The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424. El Framework web en los teléfonos Cisco Unified IP 9900 con firmware 9.4(.1) y anteriores permite a atacantes remotos subir ficheros a localizaciones arbitrarias al sistema de ficheros de un teléfono a través de solicitudes HTTP manipuladas, también conocido como Bug ID CSCup90424. • http://secunia.com/advisories/62761 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0CVE-2014-0658
https://notcve.org/view.php?id=CVE-2014-0658
10 Jan 2014 — Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898. Los teléfonos Ip Cisco 9900 Unified permiten a atacantes remotos causar uan denegación de servicio (unregistration) a través de una cabecera SIP manipulada, tambien conocido como Bug ID CSCul24898. • http://osvdb.org/101913 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2013-6685
https://notcve.org/view.php?id=CVE-2013-6685
13 Nov 2013 — The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382. El firmware de teléfonos Cisco Unified IP 8961, 9951, y 9971 usa permisos débiles para dispositivos de bloque de memoria, lo que permite a usuarios locales obtener privilegios mediante el montaje de un dispositivo con un archivo setuid en su sistema de archivos, también conoci... • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6685 • CWE-264: Permissions, Privileges, and Access Controls •