cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-1716,https://securityvulnerability.io/vulnerability/CVE-2019-1716,Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability,"A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user. Cisco fixed this vulnerability in the following SIP Software releases: 10.3(1)SR5 and later for Cisco Unified IP Conference Phone 8831; 11.0(4)SR3 and later for Cisco Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 and later for the rest of the Cisco IP Phone 7800 Series and 8800 Series.",Cisco,"Cisco Unified Ip Conference Phone 8831,Cisco Wireless Ip Phone 8821 And 8821-ex,Cisco Ip Phone 7800 Series And 8800 Series",7.5,HIGH,0.009119999594986439,false,,false,false,true,2024-08-04T19:16:06.000Z,,false,false,,2019-03-22T20:29:00.000Z,0
CVE-2018-15434,https://securityvulnerability.io/vulnerability/CVE-2018-15434,Cisco Unified IP Phone 7900 Series Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco Unified IP Phone 7900 Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.",Cisco,Cisco Unified Ip Phone 7900 Series,6.1,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0
CVE-2018-0332,https://securityvulnerability.io/vulnerability/CVE-2018-0332,,"A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.",Cisco,Cisco Unified Ip Phone Software Unknown,7.5,HIGH,0.0029899999499320984,false,,false,false,false,,,false,false,,2018-06-07T21:00:00.000Z,0
CVE-2015-4226,https://securityvulnerability.io/vulnerability/CVE-2015-4226,,"The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976.",Cisco,Unified Ip Phones 9900 Series Firmware,,,0.003280000062659383,false,,false,false,false,,,false,false,,2015-06-30T15:00:00.000Z,0
CVE-2015-0600,https://securityvulnerability.io/vulnerability/CVE-2015-0600,,"The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139.",Cisco,Unified Ip Phones 9900 Series Firmware,,,0.004879999905824661,false,,false,false,false,,,false,false,,2015-02-07T15:00:00.000Z,0
CVE-2015-0602,https://securityvulnerability.io/vulnerability/CVE-2015-0602,,"The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117.",Cisco,Unified Ip Phones 9900 Series Firmware,,,0.0031799999997019768,false,,false,false,false,,,false,false,,2015-02-07T15:00:00.000Z,0
CVE-2015-0603,https://securityvulnerability.io/vulnerability/CVE-2015-0603,,"Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474.",Cisco,Unified Ip Phones 9900 Series Firmware,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2015-02-07T02:00:00.000Z,0
CVE-2015-0604,https://securityvulnerability.io/vulnerability/CVE-2015-0604,,"The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424.",Cisco,Unified Ip Phones 9971 Firmware,,,0.0019199999514967203,false,,false,false,false,,,false,false,,2015-02-07T02:00:00.000Z,0
CVE-2015-0601,https://securityvulnerability.io/vulnerability/CVE-2015-0601,,"Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790.",Cisco,Unified Ip Phones 9971 Firmware,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2015-02-07T02:00:00.000Z,0
CVE-2014-0737,https://securityvulnerability.io/vulnerability/CVE-2014-0737,,"The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote attackers to bypass authentication and change trust relationships by injecting a Certificate Trust List (CTL) file, aka Bug ID CSCuj66795.",Cisco,Unified Ip Phone 7960g,,,0.0013299999991431832,false,,false,false,false,,,false,false,,2014-02-22T21:00:00.000Z,0
CVE-2014-0658,https://securityvulnerability.io/vulnerability/CVE-2014-0658,,"Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898.",Cisco,"Unified Ip Phones 9900 Series Firmware,Unified Ip Phone 9951,Unified Ip Phone 9971",,,0.011669999919831753,false,,false,false,false,,,false,false,,2014-01-10T16:00:00.000Z,0
CVE-2013-6685,https://securityvulnerability.io/vulnerability/CVE-2013-6685,,"The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382.",Cisco,"Unified Ip Phone Firmware,Unified Ip Phone 8961,Unified Ip Phone 9951,Unified Ip Phone 9971",,,0.0024500000290572643,false,,false,false,false,,,false,false,,2013-11-13T15:55:00.000Z,0
CVE-2013-5533,https://securityvulnerability.io/vulnerability/CVE-2013-5533,,"The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334.",Cisco,"Unified Ip Phones 9900 Series Firmware,Unified Ip Phone 9951,Unified Ip Phone 9971",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2013-10-11T03:54:00.000Z,0
CVE-2013-5532,https://securityvulnerability.io/vulnerability/CVE-2013-5532,,"Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343.",Cisco,"Unified Ip Phones 9900 Series Firmware,Unified Ip Phone 9951,Unified Ip Phone 9971",,,0.0034099998883903027,false,,false,false,false,,,false,false,,2013-10-11T03:54:00.000Z,0
CVE-2013-5526,https://securityvulnerability.io/vulnerability/CVE-2013-5526,,"Cisco 9900 fourth-generation IP phones do not properly perform SDP negotiation, which allows remote attackers to cause a denial of service (device reboot) via crafted SDP packets, aka Bug ID CSCuf06698.",Cisco,"Unified Ip Phone 9951,Unified Ip Phone 9971",,,0.0034099998883903027,false,,false,false,false,,,false,false,,2013-10-10T10:00:00.000Z,0
CVE-2013-3468,https://securityvulnerability.io/vulnerability/CVE-2013-3468,,"The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270.",Cisco,"Unified Ip Phone Firmware,Unified Ip Phone 8945",,,0.002589999930933118,false,,false,false,false,,,false,false,,2013-08-29T10:00:00.000Z,0
CVE-2013-3426,https://securityvulnerability.io/vulnerability/CVE-2013-3426,,"The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810.",Cisco,"Unified Ip Phones 9900 Series Firmware,Unified Ip Phone 9951,Unified Ip Phone 9971",,,0.0024800000246614218,false,,false,false,false,,,false,false,,2013-07-18T12:51:00.000Z,0
CVE-2012-5445,https://securityvulnerability.io/vulnerability/CVE-2012-5445,,"The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 series devices (aka TNP phones) with software before 9.3.1-ES10 does not properly validate unspecified system calls, which allows attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a crafted binary.",Cisco,"Skinny Client Control Protocol Software,Unified Ip Phone,Unified Ip Phone 7906g",,,0.0004400000034365803,false,,false,false,false,,,false,false,,2012-12-28T11:00:00.000Z,0
CVE-2012-1328,https://securityvulnerability.io/vulnerability/CVE-2012-1328,,"Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.",Cisco,"Unified Ip Phone Firmware,Unified Ip Phone",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2012-05-03T23:55:00.000Z,0
CVE-2011-1602,https://securityvulnerability.io/vulnerability/CVE-2011-1602,,"The su utility on Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.0.3 allows local users to gain privileges via unspecified vectors, aka Bug ID CSCtf07426.",Cisco,"Unified Ip Phone 7906,Unified Ip Phone 7911g,Unified Ip Phone 7931g,Unified Ip Phone 7941g,Unified Ip Phone 7941g-ge,Unified Ip Phone 7942g,Unified Ip Phone 7945g,Unified Ip Phone 7961g,Unified Ip Phone 7961g-ge,Unified Ip Phone 7962g,Unified Ip Phone 7965g,Unified Ip Phone 7970g,Unified Ip Phone 7971g-ge,Unified Ip Phone 7975g,Skinny Client Control Protocol Software",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2011-06-02T20:00:00.000Z,0
CVE-2011-1637,https://securityvulnerability.io/vulnerability/CVE-2011-1637,,"Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 do not properly verify signatures for software images, which allows local users to gain privileges via a crafted image, aka Bug ID CSCtn65962.",Cisco,"Unified Ip Phone 7906,Unified Ip Phone 7911g,Unified Ip Phone 7931g,Unified Ip Phone 7941g,Unified Ip Phone 7941g-ge,Unified Ip Phone 7942g,Unified Ip Phone 7945g,Unified Ip Phone 7961g,Unified Ip Phone 7961g-ge,Unified Ip Phone 7962g,Unified Ip Phone 7965g,Unified Ip Phone 7970g,Unified Ip Phone 7971g-ge,Unified Ip Phone 7975g,Skinny Client Control Protocol Software",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2011-06-02T20:00:00.000Z,0
CVE-2011-1603,https://securityvulnerability.io/vulnerability/CVE-2011-1603,,"Cisco Unified IP Phones 7900 devices (aka TNP phones) with software before 9.2.1 allow local users to gain privileges via unspecified vectors, aka Bug ID CSCtn65815.",Cisco,"Unified Ip Phone 7906,Unified Ip Phone 7911g,Unified Ip Phone 7931g,Unified Ip Phone 7941g,Unified Ip Phone 7941g-ge,Unified Ip Phone 7942g,Unified Ip Phone 7945g,Unified Ip Phone 7961g,Unified Ip Phone 7961g-ge,Unified Ip Phone 7962g,Unified Ip Phone 7965g,Unified Ip Phone 7970g,Unified Ip Phone 7971g-ge,Unified Ip Phone 7975g,Skinny Client Control Protocol Software",,,0.0004199999966658652,false,,false,false,false,,,false,false,,2011-06-02T20:00:00.000Z,0
CVE-2008-4444,https://securityvulnerability.io/vulnerability/CVE-2008-4444,,Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers.,Cisco,"Unified Ip Phone 7940g,Unified Ip Phone 7960g",,,0.060029998421669006,false,,false,false,false,,,false,false,,2009-01-16T21:00:00.000Z,0
CVE-2007-6190,https://securityvulnerability.io/vulnerability/CVE-2007-6190,,"The HTTP daemon in the Cisco Unified IP Phone, when the Extension Mobility feature is enabled, allows remote authenticated users of other phones associated with the same CUCM server to eavesdrop on the physical environment via a CiscoIPPhoneExecute message containing a URL attribute of an ExecuteItem element that specifies a Real-Time Transport Protocol (RTP) audio stream.",Cisco,Unified Ip Phone,,,0.0027000000700354576,false,,false,false,false,,,false,false,,2007-11-30T01:00:00.000Z,0
CVE-2007-1072,https://securityvulnerability.io/vulnerability/CVE-2007-1072,,"The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063.",Cisco,Unified Ip Phone Firmware 7906g,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2007-02-22T22:00:00.000Z,0