cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-1379,https://securityvulnerability.io/vulnerability/CVE-2021-1379,Unauthenticated Remote Code Execution and Denial of Service Vulnerabilities in Cisco IP Phones,"Vulnerabilities exist in the Cisco Discovery Protocol and Link Layer Discovery Protocol implementations within Cisco IP Phone Series 68xx/78xx/88xx models. These vulnerabilities stem from inadequate security checks when processing incoming Cisco Discovery Protocol or LLDP packets, allowing an unauthenticated, adjacent attacker to potentially execute arbitrary code remotely or cause unintended reboots of the affected devices. Exploitation requires the attacker to be on the same broadcast domain, highlighting the importance of securing network segments to mitigate such risks. Cisco has made software updates available to resolve these vulnerabilities, with no effective workarounds identified.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Session Initiation Protocol (sip) Software,Cisco Small Business Ip Phones",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-18T15:42:00.388Z,0
CVE-2024-20451,https://securityvulnerability.io/vulnerability/CVE-2024-20451,Unauthorized Remote Attack on IP Phones Could Cause Device Reload,"Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business SPA300 Series and SPA500 Series IP Phones, allowing an unauthenticated remote attacker to exploit weaknesses in error handling of HTTP packets. By sending specially crafted HTTP packets to the remote interface of the devices, an attacker could initiate unexpected reloads, leading to a denial of service condition. This vulnerability poses a significant risk as it can disrupt communications for users relying on these devices.",Cisco,Cisco Small Business Ip Phones,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-07T16:48:37.184Z,0
CVE-2024-20454,https://securityvulnerability.io/vulnerability/CVE-2024-20454,Unauthenticated Remote Attackers Could Execute Arbitrary Commands with Root Privileges,"The web-based management interface of Cisco Small Business SPA300 Series and SPA500 Series IP Phones contains vulnerabilities that allow unauthenticated remote attackers to exploit a lack of proper error checking in incoming HTTP packets. This oversight can lead to a buffer overflow scenario whereby an attacker sends a specially crafted HTTP request to the vulnerable devices. Upon successful exploitation, the attacker can execute arbitrary commands on the underlying operating system with root privileges, potentially compromising the device and the security of the network within which it operates.",Cisco,Cisco Small Business Ip Phones,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-07T16:47:46.205Z,0
CVE-2024-20450,https://securityvulnerability.io/vulnerability/CVE-2024-20450,Unauthorized Remote Execution of Arbitrary Commands on Cisco Small Business IP Phones,"Vulnerabilities exist in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones that could permit unauthenticated remote attackers to execute arbitrary commands on the device's operating system with root privileges. These issues arise from inadequate error checking of incoming HTTP packets, which can lead to buffer overflow conditions. By sending specially crafted HTTP requests to affected devices, attackers may gain the ability to overflow an internal buffer, ultimately enabling them to execute commands with elevated privileges, potentially compromising the integrity and security of the devices.",Cisco,Cisco Small Business Ip Phones,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-07T16:46:42.633Z,0
CVE-2024-20376,https://securityvulnerability.io/vulnerability/CVE-2024-20376,Cisco IP Phone Firmware Vulnerability Could Lead to DoS Condition,"A vulnerability has been identified in the web-based management interface of Cisco IP Phone firmware that exposes devices to potential denial of service attacks. Due to inadequate validation of user-supplied input, an unauthenticated remote attacker may craft a malicious request targeting the interface of the affected devices. If successfully executed, the attack could lead to the affected device reloading, consequently disrupting service and impacting availability. The issue underscores the necessity for robust input validation mechanisms within management interfaces to prevent unauthorized disruptions.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Phoneos",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-01T16:43:15.553Z,0
CVE-2024-20378,https://securityvulnerability.io/vulnerability/CVE-2024-20378,Unauthorized Access to Sensitive Information in Cisco IP Phone Firmware,"A security flaw exists in the web-based management interface of Cisco IP Phone firmware that could enable remote attackers to gain unauthorized access to sensitive information stored on affected devices. The issue stems from inadequate authentication controls for specific endpoints, allowing attackers to connect without prior credentials. Once exploited, this vulnerability permits attackers to capture user credentials and intercept traffic, including VoIP calls, leading to potential replay attacks and data breaches. Organizations utilizing Cisco IP Phones should prioritize applying security patches and implementing additional security measures to mitigate risks associated with this vulnerability.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Phoneos",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-01T16:41:52.385Z,0
CVE-2024-20357,https://securityvulnerability.io/vulnerability/CVE-2024-20357,Unauthenticated Remote Attacker Could Initiate Calls on Affected Devices via XML Service Vulnerability,"A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Phoneos",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-01T16:36:53.907Z,0
CVE-2023-20265,https://securityvulnerability.io/vulnerability/CVE-2023-20265,Stored Cross-Site Scripting Vulnerability in Cisco IP Phones Management Interface,"A vulnerability exists in the web-based management interface of specific Cisco IP Phones that may allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. This issue stems from inadequate validation of user-supplied input, enabling an attacker to manipulate content in such a way that malicious HTML or script code gets executed when a user interacts with the affected interface. Successful exploitation could have significant repercussions, possibly leading to unauthorized access to sensitive browser-based information. To execute this attack, the assailant must possess valid access credentials for the management interface.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Session Initiation Protocol (sip) Software",5.5,MEDIUM,0.0006099999882280827,false,,false,false,true,2024-08-29T21:15:04.000Z,,false,false,,2023-11-21T19:15:00.000Z,0
CVE-2023-20221,https://securityvulnerability.io/vulnerability/CVE-2023-20221,Cross-Site Request Forgery in Cisco IP Phone Series Management Interface,"A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware allows an unauthenticated, remote attacker to execute cross-site request forgery (CSRF) attacks. This issue arises from insufficient CSRF protections within the interface. An attacker could exploit this vulnerability by tricking an authenticated user into clicking a specially crafted link, potentially leading to unauthorized actions such as a factory reset of the device. Such an exploit could cause a Denial of Service (DoS) condition, disrupting normal operations.",Cisco,"Cisco IP Phones with Multiplatform Firmware,Cisco PhoneOS",6.5,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0
CVE-2023-20181,https://securityvulnerability.io/vulnerability/CVE-2023-20181,Cross-Site Scripting Vulnerability in Cisco Small Business SPA500 Series IP Phones,"A vulnerability exists in the web-based management interface of Cisco Small Business SPA500 Series IP Phones, allowing remote attackers to exploit it through Cross-Site Scripting (XSS) techniques. This issue arises from inadequate validation of user input, potentially enabling an attacker to execute arbitrary script code in the context of the interface or to gain access to sensitive browser information. An attacker can exploit this vulnerability by enticing a user to click on a specially crafted link, leading to unauthorized actions within the affected software.",Cisco,Cisco Small Business IP Phones,6.1,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-08-03T22:15:00.000Z,0
CVE-2023-20218,https://securityvulnerability.io/vulnerability/CVE-2023-20218,Web-based Management Interface Vulnerability in Cisco SPA500 Series Analog Telephone Adapters,"A vulnerability exists in the web-based management interface of Cisco SPA500 Series Analog Telephone Adapters that allows an authenticated remote attacker to manipulate web pages viewed in users' browsers. This issue arises from the inadequate validation of user-supplied input, which can be exploited if the attacker tricks a user into clicking a specially crafted link. Successful exploitation can lead to redirection of users to harmful websites or pave the way for additional client-side attacks. Notably, Cisco will not provide software updates to remediate this vulnerability.",Cisco,Cisco Small Business Ip Phones,5.8,MEDIUM,0.0009599999757483602,false,,false,false,true,2024-10-17T15:15:04.000Z,,false,false,,2023-08-03T22:15:00.000Z,0
CVE-2023-20126,https://securityvulnerability.io/vulnerability/CVE-2023-20126,Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability,"A critical flaw in the web-based management interface of the Cisco SPA112 2-Port Phone Adapter allows unauthenticated attackers to execute arbitrary code. This vulnerability stems from an absence of authentication during the firmware upgrade process, which could enable an attacker to upload a malicious firmware version. If successfully exploited, the attacker gains complete system privileges, putting the device and potentially the larger network at significant risk. Cisco has not yet provided any firmware updates to mitigate this issue.",Cisco,Cisco Small Business Ip Phones,9.8,CRITICAL,0.0030400000978261232,false,,false,false,true,2023-05-17T08:59:40.000Z,true,false,false,,2023-05-04T00:00:00.000Z,0
CVE-2023-20079,https://securityvulnerability.io/vulnerability/CVE-2023-20079,"Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities","Multiple vulnerabilities exist within the web-based management interface of various Cisco IP Phones, enabling unauthenticated remote attackers to execute arbitrary code or trigger a denial of service (DoS) situation. These threats pose significant risks to the security and functioning of the devices. It is crucial for organizations to identify and remediate these vulnerabilities to protect their communication infrastructure.",Cisco,Cisco Ip Phones With Multiplatform Firmware,9.8,CRITICAL,0.0018899999558925629,false,,false,false,true,2024-10-28T17:15:05.000Z,,false,false,,2023-03-03T00:00:00.000Z,0
CVE-2023-20078,https://securityvulnerability.io/vulnerability/CVE-2023-20078,"Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities","Certain Cisco IP Phones are susceptible to multiple vulnerabilities within their web-based management interface. An unauthenticated remote attacker could leverage these weaknesses to execute arbitrary code, potentially resulting in compromised devices and disrupted operations. Additionally, these vulnerabilities could lead to a denial of service (DoS) condition, affecting the availability and functionality of the phones. It is essential for users to address these vulnerabilities promptly by consulting Cisco's advisory for detailed remediation steps.",Cisco,Cisco Ip Phones With Multiplatform Firmware,9.8,CRITICAL,0.003120000008493662,false,,false,false,true,2024-10-28T17:15:05.000Z,,false,false,,2023-03-03T00:00:00.000Z,0
CVE-2022-20817,https://securityvulnerability.io/vulnerability/CVE-2022-20817,Cisco IP Phone Duplicate Key Vulnerability,"A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.",Cisco,Cisco Ip Phones With Multiplatform Firmware,7.4,HIGH,0.0019000000320374966,false,,false,false,true,2024-08-03T03:15:42.000Z,,false,false,,2022-06-15T00:00:00.000Z,0
CVE-2022-20774,https://securityvulnerability.io/vulnerability/CVE-2022-20774,"Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability","A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.",Cisco,Cisco Ip Phone 7800 Series With Multiplatform Firmware,6.8,MEDIUM,0.0007800000021234155,false,,false,false,true,2024-08-03T03:15:40.000Z,,false,false,,2022-04-06T00:00:00.000Z,0
CVE-2021-34711,https://securityvulnerability.io/vulnerability/CVE-2021-34711,Cisco IP Phone Software Arbitrary File Read Vulnerability,"A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.",Cisco,Cisco Ip Phones With Multiplatform Firmware,5.5,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-08-04T02:15:20.000Z,,false,false,,2021-10-06T00:00:00.000Z,0
CVE-2020-3574,https://securityvulnerability.io/vulnerability/CVE-2020-3574,Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability,"A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.",Cisco,Cisco Ip Phones With Multiplatform Firmware,7.5,HIGH,0.0015899999998509884,false,,false,false,true,2024-08-04T08:16:46.000Z,,false,false,,2020-11-06T19:15:00.000Z,0
CVE-2019-15959,https://securityvulnerability.io/vulnerability/CVE-2019-15959,Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability,A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.,Cisco,Cisco Spa525g2 5-line Ip Phone,6.6,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-08-05T02:15:45.000Z,,false,false,,2020-09-23T01:15:00.000Z,0
CVE-2020-3360,https://securityvulnerability.io/vulnerability/CVE-2020-3360,Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability,"A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.",Cisco,Cisco Ip Phone 8800 Series Software,5.3,MEDIUM,0.001829999964684248,false,,false,false,true,2024-08-04T08:16:37.000Z,,false,false,,2020-06-18T03:15:00.000Z,0
CVE-2020-3161,https://securityvulnerability.io/vulnerability/CVE-2020-3161,Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability,"A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.",Cisco,Cisco Ip Phone,9.8,CRITICAL,0.020069999620318413,true,2021-11-03T00:00:00.000Z,false,false,true,2020-12-31T15:37:48.000Z,true,false,false,,2020-04-15T00:00:00.000Z,0
CVE-2020-3111,https://securityvulnerability.io/vulnerability/CVE-2020-3111,Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability,"A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).",Cisco,Cisco Ip Phone,8.8,HIGH,0.0007300000288523734,false,,false,false,true,2024-08-04T08:16:25.000Z,,false,false,,2020-02-05T00:00:00.000Z,0
CVE-2019-16008,https://securityvulnerability.io/vulnerability/CVE-2019-16008,"Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability","A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Ip Phone 7800 Series With Multiplatform Firmware,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-08-05T02:15:47.000Z,,false,false,,2020-01-26T05:15:00.000Z,0
CVE-2019-1923,https://securityvulnerability.io/vulnerability/CVE-2019-1923,Cisco Small Business SPA500 Series IP Phones Local Command Execution Vulnerability,"A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to improper input validation in the device configuration interface. An attacker could exploit this vulnerability by accessing the configuration interface, which may require a password, and then accessing the device's physical interface and inserting a USB storage device. A successful exploit could allow the attacker to execute arbitrary commands on the device in an elevated security context. At the time of publication, this vulnerability affected Cisco Small Business SPA500 Series IP Phones firmware releases 7.6.2SR5 and prior.",Cisco,Cisco Spa525g2 5-line Ip Phone,6.6,MEDIUM,0.0004400000034365803,false,,false,false,true,2024-08-04T19:16:18.000Z,,false,false,,2019-07-17T00:00:00.000Z,0
CVE-2019-1922,https://securityvulnerability.io/vulnerability/CVE-2019-1922,Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability,"A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.",Cisco,Cisco Ip Phone 8800 Series Software,5.3,MEDIUM,0.0015899999998509884,false,,false,false,true,2024-08-04T19:16:18.000Z,,false,false,,2019-07-06T02:15:00.000Z,0