cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-3360,https://securityvulnerability.io/vulnerability/CVE-2020-3360,Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability,"A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.",Cisco,Cisco Ip Phone 8800 Series Software,5.3,MEDIUM,0.001829999964684248,false,,false,false,true,2024-08-04T08:16:37.000Z,,false,false,,2020-06-18T03:15:00.000Z,0
CVE-2019-1922,https://securityvulnerability.io/vulnerability/CVE-2019-1922,Cisco IP Phone 7800 and 8800 Series Session Initiation Protocol Denial of Service Vulnerability,"A vulnerability in Cisco SIP IP Phone Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to insufficient validation of input Session Initiation Protocol (SIP) packets. An attacker could exploit this vulnerability by altering the SIP replies that are sent to the affected phone during the registration process. A successful exploit could allow the attacker to cause the phone to reboot and not complete the registration process.",Cisco,Cisco Ip Phone 8800 Series Software,5.3,MEDIUM,0.0015899999998509884,false,,false,false,true,2024-08-04T19:16:18.000Z,,false,false,,2019-07-06T02:15:00.000Z,0
CVE-2019-1635,https://securityvulnerability.io/vulnerability/CVE-2019-1635,Cisco IP Phone 7800 Series and 8800 Series Session Initiation Protocol XML Denial of Service Vulnerability,"A vulnerability in the call-handling functionality of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and 8800 Series could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to incomplete error handling when XML data within a SIP packet is parsed. An attacker could exploit this vulnerability by sending a SIP packet that contains a malicious XML payload to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition.",Cisco,"Cisco Wireless Ip Phone 8821 And 8821-ex,Cisco Ip Phone 7800 Series And 8800 Series",7.5,HIGH,0.0015899999998509884,false,,false,false,true,2024-08-04T19:16:01.000Z,,false,false,,2019-05-03T15:29:00.000Z,0
CVE-2019-1764,https://securityvulnerability.io/vulnerability/CVE-2019-1764,Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability,"A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.",Cisco,"Cisco Wireless Ip Phone 8821 And 8821-ex,Cisco Ip Conference Phone 8832 And The Rest Of The Ip Phone 8800 Series",8.1,HIGH,0.001129999989643693,false,,false,false,true,2024-08-04T19:16:09.000Z,,false,false,,2019-03-22T20:29:00.000Z,0
CVE-2019-1765,https://securityvulnerability.io/vulnerability/CVE-2019-1765,Cisco IP Phone 8800 Series Path Traversal Vulnerability,"A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device. A successful exploit could allow the attacker to write files in arbitrary locations on the filesystem. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series.",Cisco,"Cisco Wireless Ip Phone 8821 And 8821-ex,Cisco Ip Conference Phone 8832 And The Rest Of The Ip Phone 8800 Series",8.1,HIGH,0.000910000002477318,false,,false,false,true,2024-08-04T19:16:09.000Z,,false,false,,2019-03-22T20:29:00.000Z,0
CVE-2019-1716,https://securityvulnerability.io/vulnerability/CVE-2019-1716,Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability,"A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.",Cisco,"Cisco Unified Ip Conference Phone 8831,Cisco Wireless Ip Phone 8821 And 8821-ex,Cisco Ip Phone 7800 Series And 8800 Series",7.5,HIGH,0.009119999594986439,false,,false,false,true,2024-08-04T19:16:06.000Z,,false,false,,2019-03-22T20:29:00.000Z,0
CVE-2019-1763,https://securityvulnerability.io/vulnerability/CVE-2019-1763,Cisco IP Phone 8800 Series Authorization Bypass Vulnerability,"A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.",Cisco,"Cisco Wireless Ip Phone 8821 And 8821-ex,Cisco Ip Conference Phone 8832 And The Rest Of The Ip Phone 8800 Series",7.5,HIGH,0.0020699999295175076,false,,false,false,true,2024-08-04T19:16:09.000Z,,false,false,,2019-03-22T20:29:00.000Z,0
CVE-2019-1766,https://securityvulnerability.io/vulnerability/CVE-2019-1766,Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability,"A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 12.5(1)SR1.",Cisco,Cisco Ip Phone 8800 Series Software,7.5,HIGH,0.001610000035725534,false,,false,false,true,2024-08-04T19:16:09.000Z,,false,false,,2019-03-22T20:29:00.000Z,0
CVE-2019-1684,https://securityvulnerability.io/vulnerability/CVE-2019-1684,Cisco IP Phone 7800 and 8800 Series Cisco Discovery Protocol and Link Layer Discovery Protocol Denial of Service Vulnerability,"A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability is due to missing length validation of certain Cisco Discovery Protocol or LLDP packet header fields. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. Versions prior to 12.6(1)MN80 are affected.",Cisco,Cisco Ip Phone 8800 Series Software,6.5,MEDIUM,0.0005499999970197678,false,,false,false,true,2024-08-04T19:16:04.000Z,,false,false,,2019-02-21T20:29:00.000Z,0
CVE-2018-0461,https://securityvulnerability.io/vulnerability/CVE-2018-0461,Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability,"A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.",Cisco,Cisco Ip Phone 8800 Series Software,6.5,MEDIUM,0.0020099999383091927,false,,false,false,true,2024-08-05T04:15:22.000Z,,false,false,,2019-01-10T16:29:00.000Z,0
CVE-2018-0316,https://securityvulnerability.io/vulnerability/CVE-2018-0316,,"A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware could allow an unauthenticated, remote attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the firmware of an affected phone incorrectly handles errors that could occur when an incoming phone call is not answered. An attacker could exploit this vulnerability by sending a set of maliciously crafted SIP packets to an affected phone. A successful exploit could allow the attacker to cause the affected phone to reload unexpectedly, resulting in a temporary DoS condition. This vulnerability affects Cisco IP Phone 6800, 7800, and 8800 Series Phones with Multiplatform Firmware if they are running a Multiplatform Firmware release prior to Release 11.1(2). Cisco Bug IDs: CSCvi24718.",Cisco,"Cisco Ip Phone 6800, 7800, And 8800 Series Unknown",7.5,HIGH,0.000859999970998615,false,,false,false,false,,,false,false,,2018-06-07T12:00:00.000Z,0
CVE-2018-0325,https://securityvulnerability.io/vulnerability/CVE-2018-0325,,"A vulnerability in the Session Initiation Protocol (SIP) call-handling functionality of Cisco IP Phone 7800 Series phones and Cisco IP Phone 8800 Series phones could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected phone. The vulnerability is due to incomplete input validation of SIP Session Description Protocol (SDP) parameters by the SDP parser of an affected phone. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected phone. A successful exploit could allow the attacker to cause all active phone calls on the affected phone to be dropped while the SIP process on the phone unexpectedly restarts, resulting in a DoS condition. Cisco Bug IDs: CSCvf40066.",Cisco,Cisco Ip Phone 7800 Series And 8800 Series,7.5,HIGH,0.0029899999499320984,false,,false,false,false,,,false,false,,2018-05-17T03:00:00.000Z,0
CVE-2017-12328,https://securityvulnerability.io/vulnerability/CVE-2017-12328,,"A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590.",Cisco,Cisco Ip Phone 8800 Series,5.8,MEDIUM,0.0014299999456852674,false,,false,false,false,,,false,false,,2017-11-30T09:00:00.000Z,0
CVE-2017-12305,https://securityvulnerability.io/vulnerability/CVE-2017-12305,,"A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034.",Cisco,Cisco Ip Phone 8800 Series,6.7,MEDIUM,0.002199999988079071,false,,false,false,false,,,false,false,,2017-11-16T07:00:00.000Z,0
CVE-2017-6656,https://securityvulnerability.io/vulnerability/CVE-2017-6656,,"A vulnerability in Session Initiation Protocol (SIP) call handling of Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the SIP process unexpectedly restarting. All active phone calls are dropped as the SIP process restarts. More Information: CSCvc29353. Known Affected Releases: 11.0(0.1). Known Fixed Releases: 11.0(0)MP2.153 11.0(0)MP2.62.",Cisco,Cisco Ip Phone 8800 Series,5.9,MEDIUM,0.002360000042244792,false,,false,false,false,,,false,false,,2017-06-13T06:00:00.000Z,0