13 results (0.007 seconds)

CVSS: 7.4EPSS: 0%CPEs: 22EXPL: 0

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •

CVSS: 5.3EPSS: 0%CPEs: 74EXPL: 0

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device. Una vulnerabilidad en la funcionalidad Web Access de Cisco IP Phones Series 7800 y Series 8800, podría permitir a un atacante remoto no autenticado visualizar información confidencial sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0

A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945. • http://www.securityfocus.com/bid/104445 http://www.securitytracker.com/id/1041074 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. La extensión de movilidad en los teléfonos Cisco Unified IP 9900 con firmware 9.4(.1) y anteriores permite a atacantes remotos causar una denegación de servicio (cierre de sesión) a través de paquetes manipulados, también conocido como Bug ID CSCuq12139. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0600 http://tools.cisco.com/security/center/viewAlert.x?alertId=37341 http://www.securityfocus.com/bid/72481 https://exchange.xforce.ibmcloud.com/vulnerabilities/100726 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. La extensión de movilidad en los teléfonos Cisco Unified IP 9900 con firmware 9.4(.1) y anteriores permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red, también conocido como Bug ID CSCuq12117. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0602 http://tools.cisco.com/security/center/viewAlert.x?alertId=37342 http://www.securityfocus.com/bid/72482 https://exchange.xforce.ibmcloud.com/vulnerabilities/100615 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •