cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-1379,https://securityvulnerability.io/vulnerability/CVE-2021-1379,Unauthenticated Remote Code Execution and Denial of Service Vulnerabilities in Cisco IP Phones,"Vulnerabilities exist in the Cisco Discovery Protocol and Link Layer Discovery Protocol implementations within Cisco IP Phone Series 68xx/78xx/88xx models. These vulnerabilities stem from inadequate security checks when processing incoming Cisco Discovery Protocol or LLDP packets, allowing an unauthenticated, adjacent attacker to potentially execute arbitrary code remotely or cause unintended reboots of the affected devices. Exploitation requires the attacker to be on the same broadcast domain, highlighting the importance of securing network segments to mitigate such risks. Cisco has made software updates available to resolve these vulnerabilities, with no effective workarounds identified.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Session Initiation Protocol (sip) Software,Cisco Small Business Ip Phones",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-18T15:42:00.388Z,0
CVE-2024-20451,https://securityvulnerability.io/vulnerability/CVE-2024-20451,Unauthorized Remote Attack on IP Phones Could Cause Device Reload,"Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business SPA300 Series and SPA500 Series IP Phones, allowing an unauthenticated remote attacker to exploit weaknesses in error handling of HTTP packets. By sending specially crafted HTTP packets to the remote interface of the devices, an attacker could initiate unexpected reloads, leading to a denial of service condition. This vulnerability poses a significant risk as it can disrupt communications for users relying on these devices.",Cisco,Cisco Small Business Ip Phones,7.5,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-07T16:48:37.184Z,0
CVE-2024-20454,https://securityvulnerability.io/vulnerability/CVE-2024-20454,Unauthenticated Remote Attackers Could Execute Arbitrary Commands with Root Privileges,"The web-based management interface of Cisco Small Business SPA300 Series and SPA500 Series IP Phones contains vulnerabilities that allow unauthenticated remote attackers to exploit a lack of proper error checking in incoming HTTP packets. This oversight can lead to a buffer overflow scenario whereby an attacker sends a specially crafted HTTP request to the vulnerable devices. Upon successful exploitation, the attacker can execute arbitrary commands on the underlying operating system with root privileges, potentially compromising the device and the security of the network within which it operates.",Cisco,Cisco Small Business Ip Phones,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-07T16:47:46.205Z,0
CVE-2024-20450,https://securityvulnerability.io/vulnerability/CVE-2024-20450,Unauthorized Remote Execution of Arbitrary Commands on Cisco Small Business IP Phones,"Vulnerabilities exist in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones that could permit unauthenticated remote attackers to execute arbitrary commands on the device's operating system with root privileges. These issues arise from inadequate error checking of incoming HTTP packets, which can lead to buffer overflow conditions. By sending specially crafted HTTP requests to affected devices, attackers may gain the ability to overflow an internal buffer, ultimately enabling them to execute commands with elevated privileges, potentially compromising the integrity and security of the devices.",Cisco,Cisco Small Business Ip Phones,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-08-07T16:46:42.633Z,0
CVE-2023-20181,https://securityvulnerability.io/vulnerability/CVE-2023-20181,Cross-Site Scripting Vulnerability in Cisco Small Business SPA500 Series IP Phones,"A vulnerability exists in the web-based management interface of Cisco Small Business SPA500 Series IP Phones, allowing remote attackers to exploit it through Cross-Site Scripting (XSS) techniques. This issue arises from inadequate validation of user input, potentially enabling an attacker to execute arbitrary script code in the context of the interface or to gain access to sensitive browser information. An attacker can exploit this vulnerability by enticing a user to click on a specially crafted link, leading to unauthorized actions within the affected software.",Cisco,Cisco Small Business IP Phones,6.1,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2023-08-03T22:15:00.000Z,0
CVE-2023-20218,https://securityvulnerability.io/vulnerability/CVE-2023-20218,Web-based Management Interface Vulnerability in Cisco SPA500 Series Analog Telephone Adapters,"A vulnerability exists in the web-based management interface of Cisco SPA500 Series Analog Telephone Adapters that allows an authenticated remote attacker to manipulate web pages viewed in users' browsers. This issue arises from the inadequate validation of user-supplied input, which can be exploited if the attacker tricks a user into clicking a specially crafted link. Successful exploitation can lead to redirection of users to harmful websites or pave the way for additional client-side attacks. Notably, Cisco will not provide software updates to remediate this vulnerability.",Cisco,Cisco Small Business Ip Phones,5.8,MEDIUM,0.0009599999757483602,false,,false,false,true,2024-10-17T15:15:04.000Z,,false,false,,2023-08-03T22:15:00.000Z,0
CVE-2023-20126,https://securityvulnerability.io/vulnerability/CVE-2023-20126,Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability,"A critical flaw in the web-based management interface of the Cisco SPA112 2-Port Phone Adapter allows unauthenticated attackers to execute arbitrary code. This vulnerability stems from an absence of authentication during the firmware upgrade process, which could enable an attacker to upload a malicious firmware version. If successfully exploited, the attacker gains complete system privileges, putting the device and potentially the larger network at significant risk. Cisco has not yet provided any firmware updates to mitigate this issue.",Cisco,Cisco Small Business Ip Phones,9.8,CRITICAL,0.0030400000978261232,false,,false,false,true,2023-05-17T08:59:40.000Z,true,false,false,,2023-05-04T00:00:00.000Z,0
CVE-2018-0389,https://securityvulnerability.io/vulnerability/CVE-2018-0389,Cisco Small Business SPA514G IP Phones SIP Denial of Service Vulnerability,"A vulnerability in the implementation of Session Initiation Protocol (SIP) processing in Cisco Small Business SPA514G IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to improper processing of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending crafted SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. Cisco has not released software updates that address this vulnerability. This vulnerability affects Cisco Small Business SPA514G IP Phones that are running firmware release 7.6.2SR2 or earlier.",Cisco,Cisco Small Business Spa500 Series Ip Phones,7.5,HIGH,0.000859999970998615,false,,false,false,true,2024-08-05T04:15:19.000Z,,false,false,,2019-03-13T00:00:00.000Z,0
CVE-2019-1683,https://securityvulnerability.io/vulnerability/CVE-2019-1683,"Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability","A vulnerability in the certificate handling component of the Cisco SPA112, SPA525, and SPA5X5 Series IP Phones could allow an unauthenticated, remote attacker to listen to or control some aspects of a Transport Level Security (TLS)-encrypted Session Initiation Protocol (SIP) conversation. The vulnerability is due to the improper validation of server certificates. An attacker could exploit this vulnerability by crafting a malicious server certificate to present to the client. An exploit could allow an attacker to eavesdrop on TLS-encrypted traffic and potentially route or redirect calls initiated by an affected device. Affected software include version 7.6.2 of the Cisco Small Business SPA525 Series IP Phones and Cisco Small Business SPA5X5 Series IP Phones and version 1.4.2 of the Cisco Small Business SPA500 Series IP Phones and Cisco Small Business SPA112 Series IP Phones.",Cisco,"Cisco Small Business Spa500 Series Ip Phones,Cisco Small Business Spa112 Series Ip Phones,Cisco Small Business Spa525 Series Ip Phones,Cisco Small Business Spa5x5 Series Ip Phones",6.5,MEDIUM,0.0013000000035390258,false,,false,false,true,2024-08-04T19:16:04.000Z,,false,false,,2019-02-25T17:29:00.000Z,0
CVE-2017-12260,https://securityvulnerability.io/vulnerability/CVE-2017-12260,,"A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by using formatted specifiers in a SIP payload that is sent to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones that are running firmware release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63986.",Cisco,"Cisco Small Business Spa50x, Spa51x, And Spa52x Series Ip Phones",7.5,HIGH,0.0029899999499320984,false,,false,false,false,,,false,false,,2017-10-19T08:00:00.000Z,0
CVE-2017-12259,https://securityvulnerability.io/vulnerability/CVE-2017-12259,,"A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive, resulting in a denial of service (DoS) condition. The vulnerability is due to the improper handling of SIP request messages by an affected device. An attacker could exploit this vulnerability by sending malformed SIP messages to an affected device. A successful exploit could allow the attacker to cause the affected device to become unresponsive, resulting in a DoS condition that persists until the device is restarted manually. This vulnerability affects Cisco Small Business SPA51x Series IP Phones that are running Cisco SPA51x Firmware Release 7.6.2SR1 or earlier. Cisco Bug IDs: CSCvc63982.",Cisco,Cisco Small Business Spa51x Series Ip Phones,7.5,HIGH,0.0029899999499320984,false,,false,false,false,,,false,false,,2017-10-19T08:00:00.000Z,0
CVE-2017-12219,https://securityvulnerability.io/vulnerability/CVE-2017-12219,,"A vulnerability in the handling of IP fragments for the Cisco Small Business SPA300, SPA500, and SPA51x Series IP Phones could allow an unauthenticated, remote attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to the inability to handle many large IP fragments for reassembly in a short duration. An attacker could exploit this vulnerability by sending a crafted stream of IP fragments to the targeted device. An exploit could allow the attacker to cause a DoS condition when the device unexpectedly reloads. Cisco Bug IDs: CSCve82586.",Cisco,"Cisco Small Business Spa300, Spa500, And Spa51x Series Ip Phones",7.5,HIGH,0.0029899999499320984,false,,false,false,false,,,false,false,,2017-09-21T05:00:00.000Z,0