cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-1379,https://securityvulnerability.io/vulnerability/CVE-2021-1379,Unauthenticated Remote Code Execution and Denial of Service Vulnerabilities in Cisco IP Phones,"Vulnerabilities exist in the Cisco Discovery Protocol and Link Layer Discovery Protocol implementations within Cisco IP Phone Series 68xx/78xx/88xx models. These vulnerabilities stem from inadequate security checks when processing incoming Cisco Discovery Protocol or LLDP packets, allowing an unauthenticated, adjacent attacker to potentially execute arbitrary code remotely or cause unintended reboots of the affected devices. Exploitation requires the attacker to be on the same broadcast domain, highlighting the importance of securing network segments to mitigate such risks. Cisco has made software updates available to resolve these vulnerabilities, with no effective workarounds identified.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Session Initiation Protocol (sip) Software,Cisco Small Business Ip Phones",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-18T15:42:00.388Z,0
CVE-2023-20265,https://securityvulnerability.io/vulnerability/CVE-2023-20265,Stored Cross-Site Scripting Vulnerability in Cisco IP Phones Management Interface,"A vulnerability exists in the web-based management interface of specific Cisco IP Phones that may allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. This issue stems from inadequate validation of user-supplied input, enabling an attacker to manipulate content in such a way that malicious HTML or script code gets executed when a user interacts with the affected interface. Successful exploitation could have significant repercussions, possibly leading to unauthorized access to sensitive browser-based information. To execute this attack, the assailant must possess valid access credentials for the management interface.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Session Initiation Protocol (sip) Software",5.5,MEDIUM,0.0006099999882280827,false,,false,false,true,2024-08-29T21:15:04.000Z,,false,false,,2023-11-21T19:15:00.000Z,0
CVE-2023-20018,https://securityvulnerability.io/vulnerability/CVE-2023-20018,Authentication Bypass in Cisco IP Phone 7800 and 8800 Series,"A security vulnerability exists in the web-based management interface of Cisco's IP Phone 7800 and 8800 Series. This flaw is attributed to inadequate validation of user-provided input, allowing an unauthenticated remote attacker to bypass authentication mechanisms on affected devices. By crafting and sending a specific request to the web management interface, the attacker can potentially gain access to sections that are typically secured. This poses a significant risk, emphasizing the need for users to implement proper security measures and updates.",Cisco,Cisco Session Initiation Protocol (SIP) Software,6.5,MEDIUM,0.0011099999537691474,false,,false,false,false,,,false,false,,2023-01-20T07:15:00.000Z,0
CVE-2022-20968,https://securityvulnerability.io/vulnerability/CVE-2022-20968,Stack Overflow Vulnerability in Cisco IP Phone 7800 and 8800 Series,"The vulnerability in the Cisco Discovery Protocol processing feature impacts Cisco IP Phone 7800 and 8800 Series firmware. It arises from inadequate input validation of incoming Cisco Discovery Protocol packets. An attacker situated on the same network could exploit this flaw by dispatching specially crafted Cisco Discovery Protocol traffic. Successful exploitation could lead to a stack overflow, which may enable remote code execution or trigger a denial of service condition on the compromised device.",Cisco,Cisco Session Initiation Protocol (sip) Software,8.1,HIGH,0.0010000000474974513,false,,false,false,true,2024-08-03T03:15:49.000Z,,false,false,,2022-12-12T09:15:00.000Z,0
CVE-2022-20660,https://securityvulnerability.io/vulnerability/CVE-2022-20660,Cisco IP Phones Information Disclosure Vulnerability,"A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.",Cisco,Cisco Session Initiation Protocol (sip) Software,4.6,MEDIUM,0.0010900000343099236,false,,false,false,true,2024-08-03T03:15:35.000Z,,false,false,,2022-01-14T05:15:00.000Z,0