Search

Find a vulnerability

Search criteria

    42 vulnerabilities found for ip_phone_8851_firmware by cisco

    CVE-2025-20351 (GCVE-0-2025-20351)

    Vulnerability from nvd – Published: 2025-10-15 16:15 – Updated: 2025-10-15 17:43
    VLAI
    Title
    Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 11.0(2)SR1
    Affected: 11.0(4)
    Affected: 11.0(2)
    Affected: 11.0(4)SR3
    Affected: 11.0(5)
    Affected: 11.0(3)SR2
    Affected: 11.0(3)SR4
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR2
    Affected: 11.0(4)SR1
    Affected: 11.0(5)SR3
    Affected: 11.0(3)
    Affected: 11.0(5)SR2
    Affected: 11.0(3)SR6
    Affected: 11.0(5)SR1
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR1
    Affected: 11.0(3)SR5
    Affected: 11.0(6)
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 14.0(1)
    Affected: 14.0(1)SR1
    Affected: 11.0(6)SR1
    Affected: 10.3(1)SR7
    Affected: 14.0(1)SR2
    Affected: 14.1(1)
    Affected: 14.0(1)SR3
    Affected: 11.0(6)SR2
    Affected: 14.1(1)SR1
    Affected: 14.1(1)SR2
    Affected: 11.0(6)SR4
    Affected: 14.2(1)
    Affected: 14.2(1)SR1
    Affected: 11.0(6)SR5
    Affected: 14.1(1)SR3
    Affected: 14.2(1)SR2
    Affected: 3.1(1)
    Affected: 3.0(1)
    Affected: 2.3(1)
    Affected: 2.3(1)SR1
    Affected: 2.2(1)
    Affected: 2.1(1)
    Affected: 2.0(1)
    Affected: 14.2(1)SR3
    Affected: 3.1(1)SR1
    Affected: 14.3(1)
    Affected: 3.2(1)
    Affected: 14.3(1)SR1
    Affected: 14.2(1)SR4
    Affected: 11.0(6)SR6
    Affected: 14.3(1)SR2
    Affected: 14.3(1)SR3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20351",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T17:41:21.666555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-15T17:43:25.544Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR4"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR5"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "2.2(1)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR6"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)SR3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI.\r\n\r\nThis vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T16:15:18.666Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-phone-dos-FPyjLV7A",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A"
            }
          ],
          "source": {
            "advisory": "cisco-sa-phone-dos-FPyjLV7A",
            "defects": [
              "CSCwn51683"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20351",
        "datePublished": "2025-10-15T16:15:18.666Z",
        "dateReserved": "2024-10-10T19:15:13.257Z",
        "dateUpdated": "2025-10-15T17:43:25.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20350 (GCVE-0-2025-20350)

    Vulnerability from nvd – Published: 2025-10-15 16:15 – Updated: 2025-10-15 17:42
    VLAI
    Title
    Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Denial of Service Vulnerability
    Summary
    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 11.0(2)SR1
    Affected: 11.0(4)
    Affected: 11.0(2)
    Affected: 11.0(4)SR3
    Affected: 11.0(5)
    Affected: 11.0(3)SR2
    Affected: 11.0(3)SR4
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR2
    Affected: 11.0(4)SR1
    Affected: 11.0(5)SR3
    Affected: 11.0(3)
    Affected: 11.0(5)SR2
    Affected: 11.0(3)SR6
    Affected: 11.0(5)SR1
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR1
    Affected: 11.0(3)SR5
    Affected: 11.0(6)
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 14.0(1)
    Affected: 14.0(1)SR1
    Affected: 11.0(6)SR1
    Affected: 10.3(1)SR7
    Affected: 14.0(1)SR2
    Affected: 14.1(1)
    Affected: 14.0(1)SR3
    Affected: 11.0(6)SR2
    Affected: 14.1(1)SR1
    Affected: 14.1(1)SR2
    Affected: 11.0(6)SR4
    Affected: 14.2(1)
    Affected: 14.2(1)SR1
    Affected: 11.0(6)SR5
    Affected: 14.1(1)SR3
    Affected: 14.2(1)SR2
    Affected: 3.1(1)
    Affected: 3.0(1)
    Affected: 2.3(1)
    Affected: 2.3(1)SR1
    Affected: 2.2(1)
    Affected: 2.1(1)
    Affected: 2.0(1)
    Affected: 14.2(1)SR3
    Affected: 3.1(1)SR1
    Affected: 14.3(1)
    Affected: 3.2(1)
    Affected: 14.3(1)SR1
    Affected: 14.2(1)SR4
    Affected: 11.0(6)SR6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20350",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T17:42:26.123690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-15T17:42:59.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR4"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR5"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "2.2(1)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.\r\nNote: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T16:15:10.244Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-phone-dos-FPyjLV7A",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A"
            }
          ],
          "source": {
            "advisory": "cisco-sa-phone-dos-FPyjLV7A",
            "defects": [
              "CSCwn51601"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20350",
        "datePublished": "2025-10-15T16:15:10.244Z",
        "dateReserved": "2024-10-10T19:15:13.257Z",
        "dateUpdated": "2025-10-15T17:42:59.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20336 (GCVE-0-2025-20336)

    Vulnerability from nvd – Published: 2025-09-03 17:41 – Updated: 2025-09-03 17:57
    VLAI
    Title
    Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Disclosure Vulnerability
    Summary
    A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device. Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 14.0(1)
    Affected: 14.0(1)SR1
    Affected: 10.3(1)SR7
    Affected: 14.0(1)SR2
    Affected: 14.1(1)
    Affected: 14.0(1)SR3
    Affected: 14.1(1)SR1
    Affected: 14.1(1)SR2
    Affected: 14.2(1)
    Affected: 14.2(1)SR1
    Affected: 14.1(1)SR3
    Affected: 14.2(1)SR2
    Affected: 3.1(1)
    Affected: 3.0(1)
    Affected: 2.3(1)
    Affected: 2.3(1)SR1
    Affected: 2.2(1)
    Affected: 2.1(1)
    Affected: 2.0(1)
    Affected: 14.2(1)SR3
    Affected: 3.1(1)SR1
    Affected: 14.3(1)
    Affected: 3.2(1)
    Affected: 14.3(1)SR1
    Affected: 14.2(1)SR4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20336",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-03T17:57:26.410747Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T17:57:31.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "2.2(1)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T17:41:01.463Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-phone-write-g3kcC5Df",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df"
            }
          ],
          "source": {
            "advisory": "cisco-sa-phone-write-g3kcC5Df",
            "defects": [
              "CSCwn51677"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20336",
        "datePublished": "2025-09-03T17:41:01.463Z",
        "dateReserved": "2024-10-10T19:15:13.255Z",
        "dateUpdated": "2025-09-03T17:57:31.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20335 (GCVE-0-2025-20335)

    Vulnerability from nvd – Published: 2025-09-03 17:41 – Updated: 2025-09-03 17:56
    VLAI
    Title
    Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability
    Summary
    A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system. Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 11.0(2)SR1
    Affected: 11.0(4)
    Affected: 11.0(2)
    Affected: 11.0(4)SR3
    Affected: 11.0(5)
    Affected: 11.0(3)SR2
    Affected: 11.0(3)SR4
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR2
    Affected: 11.0(4)SR1
    Affected: 11.0(5)SR3
    Affected: 11.0(3)
    Affected: 11.0(5)SR2
    Affected: 11.0(3)SR6
    Affected: 11.0(5)SR1
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR1
    Affected: 11.0(3)SR5
    Affected: 11.0(6)
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 14.0(1)
    Affected: 14.0(1)SR1
    Affected: 11.0(6)SR1
    Affected: 10.3(1)SR7
    Affected: 14.0(1)SR2
    Affected: 14.1(1)
    Affected: 14.0(1)SR3
    Affected: 11.0(6)SR2
    Affected: 14.1(1)SR1
    Affected: 14.1(1)SR2
    Affected: 11.0(6)SR4
    Affected: 14.2(1)
    Affected: 14.2(1)SR1
    Affected: 11.0(6)SR5
    Affected: 14.1(1)SR3
    Affected: 14.2(1)SR2
    Affected: 3.1(1)
    Affected: 3.0(1)
    Affected: 2.3(1)
    Affected: 2.3(1)SR1
    Affected: 2.2(1)
    Affected: 2.1(1)
    Affected: 2.0(1)
    Affected: 14.2(1)SR3
    Affected: 3.1(1)SR1
    Affected: 14.3(1)
    Affected: 3.2(1)
    Affected: 14.3(1)SR1
    Affected: 14.2(1)SR4
    Affected: 11.0(6)SR6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20335",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-03T17:56:52.918108Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T17:56:55.586Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR4"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR5"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "2.2(1)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.\r\n\r\nThis vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T17:41:06.201Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-phone-write-g3kcC5Df",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df"
            }
          ],
          "source": {
            "advisory": "cisco-sa-phone-write-g3kcC5Df",
            "defects": [
              "CSCwn51679"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20335",
        "datePublished": "2025-09-03T17:41:06.201Z",
        "dateReserved": "2024-10-10T19:15:13.255Z",
        "dateUpdated": "2025-09-03T17:56:55.586Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1379 (GCVE-0-2021-1379)

    Vulnerability from nvd – Published: 2024-11-18 15:42 – Updated: 2024-11-18 16:23
    VLAI
    Title
    Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
    Summary
    Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.1.2
    Affected: 11.2.1
    Affected: 11.2.3
    Affected: 11.2.2
    Affected: 11.2.3 MSR1-1
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.1
    Affected: 11.1.2 MSR3-1
    Affected: 11.0.0
    Affected: 11.1.1 MSR1-1
    Affected: 11.0.1
    Affected: 11.1.1 MSR2-1
    Affected: 11.2.4
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Affected: 11.3.2
    Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Create a notification for this product.
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 9.0(3)
    Affected: 9.0(2)SR2
    Affected: 9.0(2)SR1
    Affected: 9.2(1)
    Affected: 9.4(2)SR1
    Affected: 9.4(2)
    Affected: 9.4(2)SR2
    Affected: 9.4(2)SR3
    Affected: 9.3(1)SR2
    Affected: 9.3(1)SR3
    Affected: 9.3(1)SR1
    Affected: 9.1(1)SR1
    Affected: 9.3(1)SR4
    Affected: 9.2(3)
    Affected: 9.2(1)SR2
    Affected: 9.3(1)
    Affected: 9.4(2)SR4
    Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 11.0(2)SR1
    Affected: 11.0(4)
    Affected: 11.0(2)
    Affected: 11.0(4)SR3
    Affected: 11.0(5)
    Affected: 11.0(3)SR2
    Affected: 11.0(3)SR4
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR2
    Affected: 11.0(4)SR1
    Affected: 11.0(5)SR3
    Affected: 11.0(3)
    Affected: 11.0(5)SR2
    Affected: 11.0(3)SR6
    Affected: 11.0(5)SR1
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR1
    Affected: 11.0(3)SR5
    Create a notification for this product.
    Cisco Cisco Small Business IP Phones Affected: 7.4.8
    Affected: 7.4.3
    Affected: 7.5.5a
    Affected: 7.3.7
    Affected: 7.5.2
    Affected: 7.5.1
    Affected: 7.4.6
    Affected: 7.5.7
    Affected: 7.4.4
    Affected: 7.6.2SR3
    Affected: 7.6.2
    Affected: 7.5.6
    Affected: 7.5.6c
    Affected: 7.6.0
    Affected: 7.4.7
    Affected: 7.6.2SR6
    Affected: 7.5.2b
    Affected: 7.5.5
    Affected: 7.5.6a
    Affected: 7.6.2SR2
    Affected: 7.5.3
    Affected: 7.5.2a
    Affected: 7.5.6(XU)
    Affected: 7.5.7s
    Affected: 7.6.2SR4
    Affected: 7.6.2SR1
    Affected: 7.4.9
    Affected: 7.5.5b
    Affected: 7.6.2SR5
    Affected: 7.5.4
    Affected: 7.6.1
    Affected: 7.6.2SR7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-1379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T16:22:56.651830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-18T16:23:13.534Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0(3)"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.2(1)"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR3"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "9.2(3)"
                },
                {
                  "status": "affected",
                  "version": "9.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR4"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.8"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.5a"
                },
                {
                  "status": "affected",
                  "version": "7.3.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.4.4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR3"
                },
                {
                  "status": "affected",
                  "version": "7.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.6c"
                },
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.7"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR6"
                },
                {
                  "status": "affected",
                  "version": "7.5.2b"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.6a"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR2"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.2a"
                },
                {
                  "status": "affected",
                  "version": "7.5.6(XU)"
                },
                {
                  "status": "affected",
                  "version": "7.5.7s"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR1"
                },
                {
                  "status": "affected",
                  "version": "7.4.9"
                },
                {
                  "status": "affected",
                  "version": "7.5.5b"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR5"
                },
                {
                  "status": "affected",
                  "version": "7.5.4"
                },
                {
                  "status": "affected",
                  "version": "7.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Cisco\u0026nbsp;Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco\u0026nbsp;IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\r\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco\u0026nbsp;Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco\u0026nbsp;Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco\u0026nbsp;Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco\u0026nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-18T15:42:00.388Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-rce-dos-U2PsSkz3",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3"
            },
            {
              "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-rce-dos-U2PsSkz3",
            "defects": [
              "CSCvu59351"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-1379",
        "datePublished": "2024-11-18T15:42:00.388Z",
        "dateReserved": "2020-11-13T00:00:00.000Z",
        "dateUpdated": "2024-11-18T16:23:13.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20445 (GCVE-0-2024-20445)

    Vulnerability from nvd – Published: 2024-11-06 16:29 – Updated: 2024-11-06 22:00
    VLAI
    Title
    Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability
    Summary
    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records. Note: Web Access is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 14.0(1)
    Affected: 14.0(1)SR1
    Affected: 10.3(1)SR7
    Affected: 14.0(1)SR2
    Affected: 14.1(1)
    Affected: 14.0(1)SR3
    Affected: 14.1(1)SR1
    Affected: 14.1(1)SR2
    Affected: 14.2(1)
    Affected: 14.2(1)SR1
    Affected: 14.1(1)SR3
    Affected: 14.2(1)SR2
    Affected: 3.1(1)
    Affected: 3.0(1)
    Affected: 14.2(1)SR3
    Affected: 3.1(1)SR1
    Create a notification for this product.
    cisco sip_ip_phone_software Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2_3rd_Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7)_MPP
    Affected: 9.3(4)_3rd_Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3_3rd_Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1)_3rd_Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11)_3rd_Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1_3rd_Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9)_3rd_Party
    Affected: 9.3(4)SR2_3rd_Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 14.0(1)
    Affected: 14.0(1)SR1
    Affected: 10.3(1)SR7
    Affected: 14.0(1)SR2
    Affected: 14.1(1)
    Affected: 14.0(1)SR3
    Affected: 14.1(1)SR1
    Affected: 14.1(1)SR2
    Affected: 14.2(1)
    Affected: 14.2(1)SR1
    Affected: 14.1(1)SR3
    Affected: 14.2(1)SR2
    Affected: 3.1(1)
    Affected: 3.0(1)
    Affected: 14.2(1)SR3
    Affected: 3.1(1)SR1
        cpe:2.3:a:cisco:sip_ip_phone_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:sip_ip_phone_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sip_ip_phone_software",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.1(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "11.5(1)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(2)"
                  },
                  {
                    "status": "affected",
                    "version": "10.2(2)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR4"
                  },
                  {
                    "status": "affected",
                    "version": "11.0(1)"
                  },
                  {
                    "status": "affected",
                    "version": "10.4(1)SR2_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "11.7(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.1(1)"
                  },
                  {
                    "status": "affected",
                    "version": "11.0(0.7)_MPP"
                  },
                  {
                    "status": "affected",
                    "version": "9.3(4)_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "10.2(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "9.3(4)SR3_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "10.2(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "11-0-1MSR1-1"
                  },
                  {
                    "status": "affected",
                    "version": "10.4(1)_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "11.5(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "10.1(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1.11)_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "9.3(3)"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)SR3"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR4b"
                  },
                  {
                    "status": "affected",
                    "version": "9.3(4)SR1_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR5"
                  },
                  {
                    "status": "affected",
                    "version": "10.1(1.9)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1.9)_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "9.3(4)SR2_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR3"
                  },
                  {
                    "status": "affected",
                    "version": "10.1(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)SR3"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "12.7(1)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR6"
                  },
                  {
                    "status": "affected",
                    "version": "12.8(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.7(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "12.8(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "12.8(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "14.0(1)"
                  },
                  {
                    "status": "affected",
                    "version": "14.0(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR7"
                  },
                  {
                    "status": "affected",
                    "version": "14.0(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "14.1(1)"
                  },
                  {
                    "status": "affected",
                    "version": "14.0(1)SR3"
                  },
                  {
                    "status": "affected",
                    "version": "14.1(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "14.1(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "14.2(1)"
                  },
                  {
                    "status": "affected",
                    "version": "14.2(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "14.1(1)SR3"
                  },
                  {
                    "status": "affected",
                    "version": "14.2(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "3.1(1)"
                  },
                  {
                    "status": "affected",
                    "version": "3.0(1)"
                  },
                  {
                    "status": "affected",
                    "version": "14.2(1)SR3"
                  },
                  {
                    "status": "affected",
                    "version": "3.1(1)SR1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20445",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T17:23:46.067108Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T22:00:02.234Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)SR1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.\r\nNote: Web Access is disabled by default."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-06T16:29:06.293Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-phone-infodisc-sbyqQVbG",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG"
            }
          ],
          "source": {
            "advisory": "cisco-sa-phone-infodisc-sbyqQVbG",
            "defects": [
              "CSCwk25862"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20445",
        "datePublished": "2024-11-06T16:29:06.293Z",
        "dateReserved": "2023-11-08T15:08:07.678Z",
        "dateUpdated": "2024-11-06T22:00:02.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20079 (GCVE-0-2023-20079)

    Vulnerability from nvd – Published: 2023-03-03 00:00 – Updated: 2024-10-28 16:33
    VLAI
    Title
    Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230302 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20079",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:27:14.331307Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:33:33.489Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-03T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230302 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ip-phone-cmd-inj-KMFynVcP",
            "defect": [
              [
                "CSCwc78400",
                "CSCwd39132",
                "CSCwd40474",
                "CSCwd40489",
                "CSCwd40494"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20079",
        "datePublished": "2023-03-03T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:33:33.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20078 (GCVE-0-2023-20078)

    Vulnerability from nvd – Published: 2023-03-03 00:00 – Updated: 2024-10-28 16:33
    VLAI
    Title
    Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.824Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230302 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20078",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:27:17.404874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:33:46.026Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-03T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230302 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ip-phone-cmd-inj-KMFynVcP",
            "defect": [
              [
                "CSCwc78400",
                "CSCwd39132",
                "CSCwd40474",
                "CSCwd40489",
                "CSCwd40494"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20078",
        "datePublished": "2023-03-03T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:33:46.026Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20018 (GCVE-0-2023-20018)

    Vulnerability from nvd – Published: 2023-01-19 01:35 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 9.3(4) 3rd Party
    Affected: 9.3(4)SR3 3rd Party
    Affected: 9.3(4)SR1 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR1
    Affected: 11.5(1)
    Affected: 11.0(5)SR2
    Affected: 11.0(2)
    Affected: 11.7(1)
    Affected: 11.0(4)SR3
    Affected: 11.0(0.7) MPP
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR5
    Affected: 11.0(3)SR6
    Affected: 11.0(3)
    Affected: 11.0(4)SR1
    Affected: 11.0(1) MPP
    Affected: 11.0(4)
    Affected: 11.0(3)SR4
    Affected: 11.0(5)
    Affected: 11.0(3)SR1
    Affected: 11.0(5)SR1
    Affected: 11.0(3)SR2
    Affected: 11.0(2)SR2
    Affected: 11.0(1)
    Affected: 11.5(1)SR1
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 10.3(1.11) 3rd Party
    Affected: 10.2(2)
    Affected: 10.2(1)SR1
    Affected: 10.1(1.9)
    Affected: 10.1(1)SR2
    Affected: 10.2(1)
    Affected: 10.1(1)SR1
    Affected: 10.4(1)SR2 3rd Party
    Affected: 10.3(1)
    Affected: 10.3(1)SR4b
    Affected: 10.3(1)SR5
    Affected: 10.3(1.9) 3rd Party
    Affected: 10.3(2)
    Affected: 10.3(1)SR4
    Affected: 10.3(1)SR2
    Affected: 10.3(1)SR3
    Affected: 10.3(1)SR1
    Affected: 12.6(1)
    Affected: 12.1(1)
    Affected: 12.5(1)SR1
    Affected: 12.5(1)SR2
    Affected: 12.5(1)
    Affected: 12.5(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 12.1(1)SR1
    Affected: 12.0(1)
    Affected: 12.0(1)SR2
    Affected: 12.0(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.8(1)
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 11.0(5)SR3
    Affected: 11.0(6)
    Affected: 11.0(6)SR1
    Affected: 11.0(6)SR2
    Affected: 10.3(1)SR6
    Affected: 10.3(1)SR7
    Affected: 12.7(1)SR1
    Affected: 14.0(1)SR1
    Affected: 14.0(1)
    Affected: 14.0(1)SR2
    Affected: 14.0(1)SR3
    Affected: 14.1(1)
    Affected: 14.1(1)SR1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1) MPP"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:31.975Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
            "defects": [
              "CSCwc37223",
              "CSCwc37234"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20018",
        "datePublished": "2023-01-19T01:35:41.006Z",
        "dateReserved": "2022-10-27T18:47:50.308Z",
        "dateUpdated": "2024-08-02T08:57:35.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20968 (GCVE-0-2022-20968)

    Vulnerability from nvd – Published: 2022-12-08 16:13 – Updated: 2024-08-03 02:31
    VLAI
    Summary
    A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 9.3(4) 3rd Party
    Affected: 9.3(4)SR3 3rd Party
    Affected: 9.3(4)SR1 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 11.5(1)
    Affected: 11.7(1)
    Affected: 11.0(0.7) MPP
    Affected: 11.0(1) MPP
    Affected: 11.0(1)
    Affected: 11.5(1)SR1
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 10.3(1.11) 3rd Party
    Affected: 10.2(2)
    Affected: 10.2(1)SR1
    Affected: 10.1(1.9)
    Affected: 10.1(1)SR2
    Affected: 10.2(1)
    Affected: 10.1(1)SR1
    Affected: 10.4(1)SR2 3rd Party
    Affected: 10.3(1)
    Affected: 10.3(1)SR4b
    Affected: 10.3(1)SR5
    Affected: 10.3(1.9) 3rd Party
    Affected: 10.3(2)
    Affected: 10.3(1)SR4
    Affected: 10.3(1)SR2
    Affected: 10.3(1)SR3
    Affected: 10.3(1)SR1
    Affected: 12.6(1)
    Affected: 12.1(1)
    Affected: 12.5(1)SR1
    Affected: 12.5(1)SR2
    Affected: 12.5(1)
    Affected: 12.5(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 12.1(1)SR1
    Affected: 12.0(1)
    Affected: 12.0(1)SR2
    Affected: 12.0(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.8(1)
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 10.3(1)SR6
    Affected: 10.3(1)SR7
    Affected: 12.7(1)SR1
    Affected: 14.0(1)SR1
    Affected: 14.0(1)
    Affected: 14.0(1)SR2
    Affected: 14.0(1)SR3
    Affected: 14.1(1)
    Affected: 14.1(1)SR1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:58.569Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ipp-oobwrite-8cMF5r7U",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "11.0(1) MPP"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.\r\n\r\nThis vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory and that this vulnerability has been publicly discussed.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:28.167Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipp-oobwrite-8cMF5r7U",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipp-oobwrite-8cMF5r7U",
            "defects": [
              "CSCwb28354"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20968",
        "datePublished": "2022-12-08T16:13:11.258Z",
        "dateReserved": "2021-11-02T13:28:29.197Z",
        "dateUpdated": "2024-08-03T02:31:58.569Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20774 (GCVE-0-2022-20774)

    Vulnerability from nvd – Published: 2022-04-06 18:12 – Updated: 2024-11-06 16:28
    VLAI
    Title
    Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220406 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:59:08.204328Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:28:57.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phone 7800 Series with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-06T18:12:22.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220406 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx"
            }
          ],
          "source": {
            "advisory": "cisco-sa-voip-phone-csrf-K56vXvVx",
            "defect": [
              [
                "CSCvz56447"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-04-06T23:00:00",
              "ID": "CVE-2022-20774",
              "STATE": "PUBLIC",
              "TITLE": "Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco IP Phone 7800 Series with Multiplatform Firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.8",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-345"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220406 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-voip-phone-csrf-K56vXvVx",
              "defect": [
                [
                  "CSCvz56447"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20774",
        "datePublished": "2022-04-06T18:12:26.733Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:28:57.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20660 (GCVE-0-2022-20660)

    Vulnerability from nvd – Published: 2022-01-14 05:01 – Updated: 2024-11-06 16:33
    VLAI
    Title
    Cisco IP Phones Information Disclosure Vulnerability
    Summary
    A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-01-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220113 Cisco IP Phones Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA"
              },
              {
                "name": "20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jan/34"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20660",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:59:21.438909Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:33:25.971Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T19:06:13.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220113 Cisco IP Phones Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA"
            },
            {
              "name": "20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jan/34"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ip-phone-info-disc-fRdJfOxA",
            "defect": [
              [
                "CSCvy39035",
                "CSCvy39054",
                "CSCvy39055",
                "CSCvy39057",
                "CSCvy39058",
                "CSCvy39059"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phones Information Disclosure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-01-13T00:00:00",
              "ID": "CVE-2022-20660",
              "STATE": "PUBLIC",
              "TITLE": "Cisco IP Phones Information Disclosure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Session Initiation Protocol (SIP) Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "4.6",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-312"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220113 Cisco IP Phones Information Disclosure Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA"
                },
                {
                  "name": "20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2022/Jan/34"
                },
                {
                  "name": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ip-phone-info-disc-fRdJfOxA",
              "defect": [
                [
                  "CSCvy39035",
                  "CSCvy39054",
                  "CSCvy39055",
                  "CSCvy39057",
                  "CSCvy39058",
                  "CSCvy39059"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20660",
        "datePublished": "2022-01-14T05:01:29.253Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:33:25.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34711 (GCVE-0-2021-34711)

    Vulnerability from nvd – Published: 2021-10-06 19:46 – Updated: 2024-11-07 21:48
    VLAI
    Title
    Cisco IP Phone Software Arbitrary File Read Vulnerability
    Summary
    A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2021-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:48.078Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20211006 Cisco IP Phone Software Arbitrary File Read Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T21:40:04.866442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T21:48:26.126Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-36",
                  "description": "CWE-36",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-06T19:46:32.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20211006 Cisco IP Phone Software Arbitrary File Read Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-arbfileread-NPdtE2Ow",
            "defect": [
              [
                "CSCvx85812",
                "CSCvx85813",
                "CSCvx85818",
                "CSCvx85820",
                "CSCvx85821",
                "CSCvx85822",
                "CSCvx85824"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phone Software Arbitrary File Read Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-10-06T16:00:00",
              "ID": "CVE-2021-34711",
              "STATE": "PUBLIC",
              "TITLE": "Cisco IP Phone Software Arbitrary File Read Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco IP Phones with Multiplatform Firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "5.5",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-36"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20211006 Cisco IP Phone Software Arbitrary File Read Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ipphone-arbfileread-NPdtE2Ow",
              "defect": [
                [
                  "CSCvx85812",
                  "CSCvx85813",
                  "CSCvx85818",
                  "CSCvx85820",
                  "CSCvx85821",
                  "CSCvx85822",
                  "CSCvx85824"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-34711",
        "datePublished": "2021-10-06T19:46:32.157Z",
        "dateReserved": "2021-06-15T00:00:00.000Z",
        "dateUpdated": "2024-11-07T21:48:26.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33478 (GCVE-0-2021-33478)

    Vulnerability from nvd – Published: 2021-07-22 16:53 – Updated: 2024-08-03 23:50
    VLAI
    Summary
    The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:42.938Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-22T16:53:32.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-33478",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh",
                  "refsource": "MISC",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-33478",
        "datePublished": "2021-07-22T16:53:32.000Z",
        "dateReserved": "2021-05-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:50:42.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3574 (GCVE-0-2020-3574)

    Vulnerability from nvd – Published: 2020-11-06 18:16 – Updated: 2024-11-13 17:43
    VLAI
    Title
    Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
    Summary
    A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2020-11-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:37:55.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20201104 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-3574",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T17:12:06.604039Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T17:43:05.265Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-11-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-371",
                  "description": "CWE-371",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-06T18:16:31.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20201104 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-voip-phone-flood-dos-YnU9EXOv",
            "defect": [
              [
                "CSCvs66815",
                "CSCvt83239",
                "CSCvu36012",
                "CSCvu36026"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2020-11-04T16:00:00",
              "ID": "CVE-2020-3574",
              "STATE": "PUBLIC",
              "TITLE": "Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco IP Phones with Multiplatform Firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "7.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-371"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20201104 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-voip-phone-flood-dos-YnU9EXOv",
              "defect": [
                [
                  "CSCvs66815",
                  "CSCvt83239",
                  "CSCvu36012",
                  "CSCvu36026"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2020-3574",
        "datePublished": "2020-11-06T18:16:31.678Z",
        "dateReserved": "2019-12-12T00:00:00.000Z",
        "dateUpdated": "2024-11-13T17:43:05.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20351 (GCVE-0-2025-20351)

    Vulnerability from cvelistv5 – Published: 2025-10-15 16:15 – Updated: 2025-10-15 17:43
    VLAI
    Title
    Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Cross-Site Scripting Vulnerability
    Summary
    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI. This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 11.0(2)SR1
    Affected: 11.0(4)
    Affected: 11.0(2)
    Affected: 11.0(4)SR3
    Affected: 11.0(5)
    Affected: 11.0(3)SR2
    Affected: 11.0(3)SR4
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR2
    Affected: 11.0(4)SR1
    Affected: 11.0(5)SR3
    Affected: 11.0(3)
    Affected: 11.0(5)SR2
    Affected: 11.0(3)SR6
    Affected: 11.0(5)SR1
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR1
    Affected: 11.0(3)SR5
    Affected: 11.0(6)
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 14.0(1)
    Affected: 14.0(1)SR1
    Affected: 11.0(6)SR1
    Affected: 10.3(1)SR7
    Affected: 14.0(1)SR2
    Affected: 14.1(1)
    Affected: 14.0(1)SR3
    Affected: 11.0(6)SR2
    Affected: 14.1(1)SR1
    Affected: 14.1(1)SR2
    Affected: 11.0(6)SR4
    Affected: 14.2(1)
    Affected: 14.2(1)SR1
    Affected: 11.0(6)SR5
    Affected: 14.1(1)SR3
    Affected: 14.2(1)SR2
    Affected: 3.1(1)
    Affected: 3.0(1)
    Affected: 2.3(1)
    Affected: 2.3(1)SR1
    Affected: 2.2(1)
    Affected: 2.1(1)
    Affected: 2.0(1)
    Affected: 14.2(1)SR3
    Affected: 3.1(1)SR1
    Affected: 14.3(1)
    Affected: 3.2(1)
    Affected: 14.3(1)SR1
    Affected: 14.2(1)SR4
    Affected: 11.0(6)SR6
    Affected: 14.3(1)SR2
    Affected: 14.3(1)SR3
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20351",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T17:41:21.666555Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-15T17:43:25.544Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR4"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR5"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "2.2(1)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR6"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)SR3"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI.\r\n\r\nThis vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T16:15:18.666Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-phone-dos-FPyjLV7A",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A"
            }
          ],
          "source": {
            "advisory": "cisco-sa-phone-dos-FPyjLV7A",
            "defects": [
              "CSCwn51683"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Cross-Site Scripting Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20351",
        "datePublished": "2025-10-15T16:15:18.666Z",
        "dateReserved": "2024-10-10T19:15:13.257Z",
        "dateUpdated": "2025-10-15T17:43:25.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20350 (GCVE-0-2025-20350)

    Vulnerability from cvelistv5 – Published: 2025-10-15 16:15 – Updated: 2025-10-15 17:42
    VLAI
    Title
    Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Denial of Service Vulnerability
    Summary
    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 11.0(2)SR1
    Affected: 11.0(4)
    Affected: 11.0(2)
    Affected: 11.0(4)SR3
    Affected: 11.0(5)
    Affected: 11.0(3)SR2
    Affected: 11.0(3)SR4
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR2
    Affected: 11.0(4)SR1
    Affected: 11.0(5)SR3
    Affected: 11.0(3)
    Affected: 11.0(5)SR2
    Affected: 11.0(3)SR6
    Affected: 11.0(5)SR1
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR1
    Affected: 11.0(3)SR5
    Affected: 11.0(6)
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 14.0(1)
    Affected: 14.0(1)SR1
    Affected: 11.0(6)SR1
    Affected: 10.3(1)SR7
    Affected: 14.0(1)SR2
    Affected: 14.1(1)
    Affected: 14.0(1)SR3
    Affected: 11.0(6)SR2
    Affected: 14.1(1)SR1
    Affected: 14.1(1)SR2
    Affected: 11.0(6)SR4
    Affected: 14.2(1)
    Affected: 14.2(1)SR1
    Affected: 11.0(6)SR5
    Affected: 14.1(1)SR3
    Affected: 14.2(1)SR2
    Affected: 3.1(1)
    Affected: 3.0(1)
    Affected: 2.3(1)
    Affected: 2.3(1)SR1
    Affected: 2.2(1)
    Affected: 2.1(1)
    Affected: 2.0(1)
    Affected: 14.2(1)SR3
    Affected: 3.1(1)SR1
    Affected: 14.3(1)
    Affected: 3.2(1)
    Affected: 14.3(1)SR1
    Affected: 14.2(1)SR4
    Affected: 11.0(6)SR6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20350",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-10-15T17:42:26.123690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-15T17:42:59.642Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR4"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR5"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "2.2(1)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.\r\nNote: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-10-15T16:15:10.244Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-phone-dos-FPyjLV7A",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A"
            }
          ],
          "source": {
            "advisory": "cisco-sa-phone-dos-FPyjLV7A",
            "defects": [
              "CSCwn51601"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Denial of Service Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20350",
        "datePublished": "2025-10-15T16:15:10.244Z",
        "dateReserved": "2024-10-10T19:15:13.257Z",
        "dateUpdated": "2025-10-15T17:42:59.642Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20335 (GCVE-0-2025-20335)

    Vulnerability from cvelistv5 – Published: 2025-09-03 17:41 – Updated: 2025-09-03 17:56
    VLAI
    Title
    Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability
    Summary
    A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system. Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 11.0(2)SR1
    Affected: 11.0(4)
    Affected: 11.0(2)
    Affected: 11.0(4)SR3
    Affected: 11.0(5)
    Affected: 11.0(3)SR2
    Affected: 11.0(3)SR4
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR2
    Affected: 11.0(4)SR1
    Affected: 11.0(5)SR3
    Affected: 11.0(3)
    Affected: 11.0(5)SR2
    Affected: 11.0(3)SR6
    Affected: 11.0(5)SR1
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR1
    Affected: 11.0(3)SR5
    Affected: 11.0(6)
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 14.0(1)
    Affected: 14.0(1)SR1
    Affected: 11.0(6)SR1
    Affected: 10.3(1)SR7
    Affected: 14.0(1)SR2
    Affected: 14.1(1)
    Affected: 14.0(1)SR3
    Affected: 11.0(6)SR2
    Affected: 14.1(1)SR1
    Affected: 14.1(1)SR2
    Affected: 11.0(6)SR4
    Affected: 14.2(1)
    Affected: 14.2(1)SR1
    Affected: 11.0(6)SR5
    Affected: 14.1(1)SR3
    Affected: 14.2(1)SR2
    Affected: 3.1(1)
    Affected: 3.0(1)
    Affected: 2.3(1)
    Affected: 2.3(1)SR1
    Affected: 2.2(1)
    Affected: 2.1(1)
    Affected: 2.0(1)
    Affected: 14.2(1)SR3
    Affected: 3.1(1)SR1
    Affected: 14.3(1)
    Affected: 3.2(1)
    Affected: 14.3(1)SR1
    Affected: 14.2(1)SR4
    Affected: 11.0(6)SR6
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20335",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-03T17:56:52.918108Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T17:56:55.586Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR4"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR5"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "2.2(1)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR6"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.\r\n\r\nThis vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Control",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T17:41:06.201Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-phone-write-g3kcC5Df",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df"
            }
          ],
          "source": {
            "advisory": "cisco-sa-phone-write-g3kcC5Df",
            "defects": [
              "CSCwn51679"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20335",
        "datePublished": "2025-09-03T17:41:06.201Z",
        "dateReserved": "2024-10-10T19:15:13.255Z",
        "dateUpdated": "2025-09-03T17:56:55.586Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20336 (GCVE-0-2025-20336)

    Vulnerability from cvelistv5 – Published: 2025-09-03 17:41 – Updated: 2025-09-03 17:57
    VLAI
    Title
    Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Disclosure Vulnerability
    Summary
    A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device. Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 14.0(1)
    Affected: 14.0(1)SR1
    Affected: 10.3(1)SR7
    Affected: 14.0(1)SR2
    Affected: 14.1(1)
    Affected: 14.0(1)SR3
    Affected: 14.1(1)SR1
    Affected: 14.1(1)SR2
    Affected: 14.2(1)
    Affected: 14.2(1)SR1
    Affected: 14.1(1)SR3
    Affected: 14.2(1)SR2
    Affected: 3.1(1)
    Affected: 3.0(1)
    Affected: 2.3(1)
    Affected: 2.3(1)SR1
    Affected: 2.2(1)
    Affected: 2.1(1)
    Affected: 2.0(1)
    Affected: 14.2(1)SR3
    Affected: 3.1(1)SR1
    Affected: 14.3(1)
    Affected: 3.2(1)
    Affected: 14.3(1)SR1
    Affected: 14.2(1)SR4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20336",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-09-03T17:57:26.410747Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-09-03T17:57:31.207Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)"
                },
                {
                  "status": "affected",
                  "version": "2.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "2.2(1)"
                },
                {
                  "status": "affected",
                  "version": "2.1(1)"
                },
                {
                  "status": "affected",
                  "version": "2.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)"
                },
                {
                  "status": "affected",
                  "version": "3.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-09-03T17:41:01.463Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-phone-write-g3kcC5Df",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df"
            }
          ],
          "source": {
            "advisory": "cisco-sa-phone-write-g3kcC5Df",
            "defects": [
              "CSCwn51677"
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2025-20336",
        "datePublished": "2025-09-03T17:41:01.463Z",
        "dateReserved": "2024-10-10T19:15:13.255Z",
        "dateUpdated": "2025-09-03T17:57:31.207Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-1379 (GCVE-0-2021-1379)

    Vulnerability from cvelistv5 – Published: 2024-11-18 15:42 – Updated: 2024-11-18 16:23
    VLAI
    Title
    Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities
    Summary
    Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.1.2
    Affected: 11.2.1
    Affected: 11.2.3
    Affected: 11.2.2
    Affected: 11.2.3 MSR1-1
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.1
    Affected: 11.1.2 MSR3-1
    Affected: 11.0.0
    Affected: 11.1.1 MSR1-1
    Affected: 11.0.1
    Affected: 11.1.1 MSR2-1
    Affected: 11.2.4
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Affected: 11.3.2
    Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Create a notification for this product.
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 9.0(3)
    Affected: 9.0(2)SR2
    Affected: 9.0(2)SR1
    Affected: 9.2(1)
    Affected: 9.4(2)SR1
    Affected: 9.4(2)
    Affected: 9.4(2)SR2
    Affected: 9.4(2)SR3
    Affected: 9.3(1)SR2
    Affected: 9.3(1)SR3
    Affected: 9.3(1)SR1
    Affected: 9.1(1)SR1
    Affected: 9.3(1)SR4
    Affected: 9.2(3)
    Affected: 9.2(1)SR2
    Affected: 9.3(1)
    Affected: 9.4(2)SR4
    Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 11.0(2)SR1
    Affected: 11.0(4)
    Affected: 11.0(2)
    Affected: 11.0(4)SR3
    Affected: 11.0(5)
    Affected: 11.0(3)SR2
    Affected: 11.0(3)SR4
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR2
    Affected: 11.0(4)SR1
    Affected: 11.0(5)SR3
    Affected: 11.0(3)
    Affected: 11.0(5)SR2
    Affected: 11.0(3)SR6
    Affected: 11.0(5)SR1
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR1
    Affected: 11.0(3)SR5
    Create a notification for this product.
    Cisco Cisco Small Business IP Phones Affected: 7.4.8
    Affected: 7.4.3
    Affected: 7.5.5a
    Affected: 7.3.7
    Affected: 7.5.2
    Affected: 7.5.1
    Affected: 7.4.6
    Affected: 7.5.7
    Affected: 7.4.4
    Affected: 7.6.2SR3
    Affected: 7.6.2
    Affected: 7.5.6
    Affected: 7.5.6c
    Affected: 7.6.0
    Affected: 7.4.7
    Affected: 7.6.2SR6
    Affected: 7.5.2b
    Affected: 7.5.5
    Affected: 7.5.6a
    Affected: 7.6.2SR2
    Affected: 7.5.3
    Affected: 7.5.2a
    Affected: 7.5.6(XU)
    Affected: 7.5.7s
    Affected: 7.6.2SR4
    Affected: 7.6.2SR1
    Affected: 7.4.9
    Affected: 7.5.5b
    Affected: 7.6.2SR5
    Affected: 7.5.4
    Affected: 7.6.1
    Affected: 7.6.2SR7
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-1379",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-18T16:22:56.651830Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-18T16:23:13.534Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.0(3)"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.2(1)"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR3"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "9.2(3)"
                },
                {
                  "status": "affected",
                  "version": "9.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "9.3(1)"
                },
                {
                  "status": "affected",
                  "version": "9.4(2)SR4"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Cisco Small Business IP Phones",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "7.4.8"
                },
                {
                  "status": "affected",
                  "version": "7.4.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.5a"
                },
                {
                  "status": "affected",
                  "version": "7.3.7"
                },
                {
                  "status": "affected",
                  "version": "7.5.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.1"
                },
                {
                  "status": "affected",
                  "version": "7.4.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.7"
                },
                {
                  "status": "affected",
                  "version": "7.4.4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR3"
                },
                {
                  "status": "affected",
                  "version": "7.6.2"
                },
                {
                  "status": "affected",
                  "version": "7.5.6"
                },
                {
                  "status": "affected",
                  "version": "7.5.6c"
                },
                {
                  "status": "affected",
                  "version": "7.6.0"
                },
                {
                  "status": "affected",
                  "version": "7.4.7"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR6"
                },
                {
                  "status": "affected",
                  "version": "7.5.2b"
                },
                {
                  "status": "affected",
                  "version": "7.5.5"
                },
                {
                  "status": "affected",
                  "version": "7.5.6a"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR2"
                },
                {
                  "status": "affected",
                  "version": "7.5.3"
                },
                {
                  "status": "affected",
                  "version": "7.5.2a"
                },
                {
                  "status": "affected",
                  "version": "7.5.6(XU)"
                },
                {
                  "status": "affected",
                  "version": "7.5.7s"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR4"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR1"
                },
                {
                  "status": "affected",
                  "version": "7.4.9"
                },
                {
                  "status": "affected",
                  "version": "7.5.5b"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR5"
                },
                {
                  "status": "affected",
                  "version": "7.5.4"
                },
                {
                  "status": "affected",
                  "version": "7.6.1"
                },
                {
                  "status": "affected",
                  "version": "7.6.2SR7"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the Cisco\u0026nbsp;Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco\u0026nbsp;IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\r\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco\u0026nbsp;Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco\u0026nbsp;Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco\u0026nbsp;Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco\u0026nbsp;has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco\u00a0Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/RL:X/RC:X/E:X",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-120",
                  "description": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-18T15:42:00.388Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-rce-dos-U2PsSkz3",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3"
            },
            {
              "name": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-rce-dos-U2PsSkz3",
            "defects": [
              "CSCvu59351"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco IP Phones Cisco Discovery Protocol and Link Layer Discovery Protocol Remote Code Execution and Denial of Service Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-1379",
        "datePublished": "2024-11-18T15:42:00.388Z",
        "dateReserved": "2020-11-13T00:00:00.000Z",
        "dateUpdated": "2024-11-18T16:23:13.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20445 (GCVE-0-2024-20445)

    Vulnerability from cvelistv5 – Published: 2024-11-06 16:29 – Updated: 2024-11-06 22:00
    VLAI
    Title
    Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability
    Summary
    A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records. Note: Web Access is disabled by default.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2 3rd Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7) MPP
    Affected: 9.3(4) 3rd Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3 3rd Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11) 3rd Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1 3rd Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9) 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 14.0(1)
    Affected: 14.0(1)SR1
    Affected: 10.3(1)SR7
    Affected: 14.0(1)SR2
    Affected: 14.1(1)
    Affected: 14.0(1)SR3
    Affected: 14.1(1)SR1
    Affected: 14.1(1)SR2
    Affected: 14.2(1)
    Affected: 14.2(1)SR1
    Affected: 14.1(1)SR3
    Affected: 14.2(1)SR2
    Affected: 3.1(1)
    Affected: 3.0(1)
    Affected: 14.2(1)SR3
    Affected: 3.1(1)SR1
    Create a notification for this product.
    cisco sip_ip_phone_software Affected: 12.1(1)SR1
    Affected: 11.5(1)
    Affected: 10.3(2)
    Affected: 10.2(2)
    Affected: 10.3(1)
    Affected: 10.3(1)SR4
    Affected: 11.0(1)
    Affected: 10.4(1)SR2_3rd_Party
    Affected: 11.7(1)
    Affected: 12.1(1)
    Affected: 11.0(0.7)_MPP
    Affected: 9.3(4)_3rd_Party
    Affected: 12.5(1)SR2
    Affected: 10.2(1)SR1
    Affected: 9.3(4)SR3_3rd_Party
    Affected: 10.2(1)
    Affected: 12.5(1)
    Affected: 10.3(1)SR2
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1)_3rd_Party
    Affected: 12.5(1)SR1
    Affected: 11.5(1)SR1
    Affected: 10.1(1)SR2
    Affected: 12.0(1)SR2
    Affected: 12.6(1)
    Affected: 10.3(1.11)_3rd_Party
    Affected: 12.0(1)
    Affected: 12.0(1)SR1
    Affected: 9.3(3)
    Affected: 12.5(1)SR3
    Affected: 10.3(1)SR4b
    Affected: 9.3(4)SR1_3rd_Party
    Affected: 10.3(1)SR5
    Affected: 10.1(1.9)
    Affected: 10.3(1.9)_3rd_Party
    Affected: 9.3(4)SR2_3rd_Party
    Affected: 10.3(1)SR1
    Affected: 10.3(1)SR3
    Affected: 10.1(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 10.3(1)SR6
    Affected: 12.8(1)
    Affected: 12.7(1)SR1
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 14.0(1)
    Affected: 14.0(1)SR1
    Affected: 10.3(1)SR7
    Affected: 14.0(1)SR2
    Affected: 14.1(1)
    Affected: 14.0(1)SR3
    Affected: 14.1(1)SR1
    Affected: 14.1(1)SR2
    Affected: 14.2(1)
    Affected: 14.2(1)SR1
    Affected: 14.1(1)SR3
    Affected: 14.2(1)SR2
    Affected: 3.1(1)
    Affected: 3.0(1)
    Affected: 14.2(1)SR3
    Affected: 3.1(1)SR1
        cpe:2.3:a:cisco:sip_ip_phone_software:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:sip_ip_phone_software:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "sip_ip_phone_software",
                "vendor": "cisco",
                "versions": [
                  {
                    "status": "affected",
                    "version": "12.1(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "11.5(1)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(2)"
                  },
                  {
                    "status": "affected",
                    "version": "10.2(2)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR4"
                  },
                  {
                    "status": "affected",
                    "version": "11.0(1)"
                  },
                  {
                    "status": "affected",
                    "version": "10.4(1)SR2_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "11.7(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.1(1)"
                  },
                  {
                    "status": "affected",
                    "version": "11.0(0.7)_MPP"
                  },
                  {
                    "status": "affected",
                    "version": "9.3(4)_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "10.2(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "9.3(4)SR3_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "10.2(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "11-0-1MSR1-1"
                  },
                  {
                    "status": "affected",
                    "version": "10.4(1)_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "11.5(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "10.1(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1.11)_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "9.3(3)"
                  },
                  {
                    "status": "affected",
                    "version": "12.5(1)SR3"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR4b"
                  },
                  {
                    "status": "affected",
                    "version": "9.3(4)SR1_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR5"
                  },
                  {
                    "status": "affected",
                    "version": "10.1(1.9)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1.9)_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "9.3(4)SR2_3rd_Party"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR3"
                  },
                  {
                    "status": "affected",
                    "version": "10.1(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "12.0(1)SR3"
                  },
                  {
                    "status": "affected",
                    "version": "12.6(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "12.7(1)"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR6"
                  },
                  {
                    "status": "affected",
                    "version": "12.8(1)"
                  },
                  {
                    "status": "affected",
                    "version": "12.7(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "12.8(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "12.8(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "14.0(1)"
                  },
                  {
                    "status": "affected",
                    "version": "14.0(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "10.3(1)SR7"
                  },
                  {
                    "status": "affected",
                    "version": "14.0(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "14.1(1)"
                  },
                  {
                    "status": "affected",
                    "version": "14.0(1)SR3"
                  },
                  {
                    "status": "affected",
                    "version": "14.1(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "14.1(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "14.2(1)"
                  },
                  {
                    "status": "affected",
                    "version": "14.2(1)SR1"
                  },
                  {
                    "status": "affected",
                    "version": "14.1(1)SR3"
                  },
                  {
                    "status": "affected",
                    "version": "14.2(1)SR2"
                  },
                  {
                    "status": "affected",
                    "version": "3.1(1)"
                  },
                  {
                    "status": "affected",
                    "version": "3.0(1)"
                  },
                  {
                    "status": "affected",
                    "version": "14.2(1)SR3"
                  },
                  {
                    "status": "affected",
                    "version": "3.1(1)SR1"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20445",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T17:23:46.067108Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T22:00:02.234Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "9.3(3)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)"
                },
                {
                  "status": "affected",
                  "version": "3.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.2(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "3.1(1)SR1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.\r\nNote: Web Access is disabled by default."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-11-06T16:29:06.293Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-phone-infodisc-sbyqQVbG",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG"
            }
          ],
          "source": {
            "advisory": "cisco-sa-phone-infodisc-sbyqQVbG",
            "defects": [
              "CSCwk25862"
            ],
            "discovery": "EXTERNAL"
          },
          "title": "Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20445",
        "datePublished": "2024-11-06T16:29:06.293Z",
        "dateReserved": "2023-11-08T15:08:07.678Z",
        "dateUpdated": "2024-11-06T22:00:02.234Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20078 (GCVE-0-2023-20078)

    Vulnerability from cvelistv5 – Published: 2023-03-03 00:00 – Updated: 2024-10-28 16:33
    VLAI
    Title
    Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.824Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230302 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20078",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:27:17.404874Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:33:46.026Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-03T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230302 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ip-phone-cmd-inj-KMFynVcP",
            "defect": [
              [
                "CSCwc78400",
                "CSCwd39132",
                "CSCwd40474",
                "CSCwd40489",
                "CSCwd40494"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20078",
        "datePublished": "2023-03-03T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:33:46.026Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20079 (GCVE-0-2023-20079)

    Vulnerability from cvelistv5 – Published: 2023-03-03 00:00 – Updated: 2024-10-28 16:33
    VLAI
    Title
    Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities
    Summary
    Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2023-03-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.877Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20230302 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-20079",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-28T16:27:14.331307Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-28T16:33:33.489Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2023-03-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-03-03T00:00:00.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20230302 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ip-phone-cmd-inj-KMFynVcP",
            "defect": [
              [
                "CSCwc78400",
                "CSCwd39132",
                "CSCwd40474",
                "CSCwd40489",
                "CSCwd40494"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20079",
        "datePublished": "2023-03-03T00:00:00.000Z",
        "dateReserved": "2022-10-27T00:00:00.000Z",
        "dateUpdated": "2024-10-28T16:33:33.489Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20018 (GCVE-0-2023-20018)

    Vulnerability from cvelistv5 – Published: 2023-01-19 01:35 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 9.3(4) 3rd Party
    Affected: 9.3(4)SR3 3rd Party
    Affected: 9.3(4)SR1 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR1
    Affected: 11.5(1)
    Affected: 11.0(5)SR2
    Affected: 11.0(2)
    Affected: 11.7(1)
    Affected: 11.0(4)SR3
    Affected: 11.0(0.7) MPP
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR5
    Affected: 11.0(3)SR6
    Affected: 11.0(3)
    Affected: 11.0(4)SR1
    Affected: 11.0(1) MPP
    Affected: 11.0(4)
    Affected: 11.0(3)SR4
    Affected: 11.0(5)
    Affected: 11.0(3)SR1
    Affected: 11.0(5)SR1
    Affected: 11.0(3)SR2
    Affected: 11.0(2)SR2
    Affected: 11.0(1)
    Affected: 11.5(1)SR1
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 10.3(1.11) 3rd Party
    Affected: 10.2(2)
    Affected: 10.2(1)SR1
    Affected: 10.1(1.9)
    Affected: 10.1(1)SR2
    Affected: 10.2(1)
    Affected: 10.1(1)SR1
    Affected: 10.4(1)SR2 3rd Party
    Affected: 10.3(1)
    Affected: 10.3(1)SR4b
    Affected: 10.3(1)SR5
    Affected: 10.3(1.9) 3rd Party
    Affected: 10.3(2)
    Affected: 10.3(1)SR4
    Affected: 10.3(1)SR2
    Affected: 10.3(1)SR3
    Affected: 10.3(1)SR1
    Affected: 12.6(1)
    Affected: 12.1(1)
    Affected: 12.5(1)SR1
    Affected: 12.5(1)SR2
    Affected: 12.5(1)
    Affected: 12.5(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 12.1(1)SR1
    Affected: 12.0(1)
    Affected: 12.0(1)SR2
    Affected: 12.0(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.8(1)
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 11.0(5)SR3
    Affected: 11.0(6)
    Affected: 11.0(6)SR1
    Affected: 11.0(6)SR2
    Affected: 10.3(1)SR6
    Affected: 10.3(1)SR7
    Affected: 12.7(1)SR1
    Affected: 14.0(1)SR1
    Affected: 14.0(1)
    Affected: 14.0(1)SR2
    Affected: 14.0(1)SR3
    Affected: 14.1(1)
    Affected: 14.1(1)SR1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1) MPP"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:31.975Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
            "defects": [
              "CSCwc37223",
              "CSCwc37234"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20018",
        "datePublished": "2023-01-19T01:35:41.006Z",
        "dateReserved": "2022-10-27T18:47:50.308Z",
        "dateUpdated": "2024-08-02T08:57:35.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20968 (GCVE-0-2022-20968)

    Vulnerability from cvelistv5 – Published: 2022-12-08 16:13 – Updated: 2024-08-03 02:31
    VLAI
    Summary
    A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device.
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 9.3(4) 3rd Party
    Affected: 9.3(4)SR3 3rd Party
    Affected: 9.3(4)SR1 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 11.5(1)
    Affected: 11.7(1)
    Affected: 11.0(0.7) MPP
    Affected: 11.0(1) MPP
    Affected: 11.0(1)
    Affected: 11.5(1)SR1
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 10.3(1.11) 3rd Party
    Affected: 10.2(2)
    Affected: 10.2(1)SR1
    Affected: 10.1(1.9)
    Affected: 10.1(1)SR2
    Affected: 10.2(1)
    Affected: 10.1(1)SR1
    Affected: 10.4(1)SR2 3rd Party
    Affected: 10.3(1)
    Affected: 10.3(1)SR4b
    Affected: 10.3(1)SR5
    Affected: 10.3(1.9) 3rd Party
    Affected: 10.3(2)
    Affected: 10.3(1)SR4
    Affected: 10.3(1)SR2
    Affected: 10.3(1)SR3
    Affected: 10.3(1)SR1
    Affected: 12.6(1)
    Affected: 12.1(1)
    Affected: 12.5(1)SR1
    Affected: 12.5(1)SR2
    Affected: 12.5(1)
    Affected: 12.5(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 12.1(1)SR1
    Affected: 12.0(1)
    Affected: 12.0(1)SR2
    Affected: 12.0(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.8(1)
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 10.3(1)SR6
    Affected: 10.3(1)SR7
    Affected: 12.7(1)SR1
    Affected: 14.0(1)SR1
    Affected: 14.0(1)
    Affected: 14.0(1)SR2
    Affected: 14.0(1)SR3
    Affected: 14.1(1)
    Affected: 14.1(1)SR1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:31:58.569Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ipp-oobwrite-8cMF5r7U",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "11.0(1) MPP"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device.\r\n\r\nThis vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol traffic to an affected device. A successful exploit could allow the attacker to cause a stack overflow, resulting in possible remote code execution or a denial of service (DoS) condition on an affected device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is aware that proof-of-concept exploit code is available for the vulnerability described in this advisory and that this vulnerability has been publicly discussed.\r\n\r\nThe Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:28.167Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipp-oobwrite-8cMF5r7U",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipp-oobwrite-8cMF5r7U",
            "defects": [
              "CSCwb28354"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20968",
        "datePublished": "2022-12-08T16:13:11.258Z",
        "dateReserved": "2021-11-02T13:28:29.197Z",
        "dateUpdated": "2024-08-03T02:31:58.569Z",
        "requesterUserId": "4087f8c1-b21c-479b-99df-de23cb76b743",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20774 (GCVE-0-2022-20774)

    Vulnerability from cvelistv5 – Published: 2022-04-06 18:12 – Updated: 2024-11-06 16:28
    VLAI
    Title
    Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2022-04-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:24:49.555Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220406 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20774",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:59:08.204328Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:28:57.600Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phone 7800 Series with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-345",
                  "description": "CWE-345",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-04-06T18:12:22.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220406 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx"
            }
          ],
          "source": {
            "advisory": "cisco-sa-voip-phone-csrf-K56vXvVx",
            "defect": [
              [
                "CSCvz56447"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-04-06T23:00:00",
              "ID": "CVE-2022-20774",
              "STATE": "PUBLIC",
              "TITLE": "Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco IP Phone 7800 Series with Multiplatform Firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "6.8",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-345"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220406 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-voip-phone-csrf-K56vXvVx",
              "defect": [
                [
                  "CSCvz56447"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20774",
        "datePublished": "2022-04-06T18:12:26.733Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:28:57.600Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-20660 (GCVE-0-2022-20660)

    Vulnerability from cvelistv5 – Published: 2022-01-14 05:01 – Updated: 2024-11-06 16:33
    VLAI
    Title
    Cisco IP Phones Information Disclosure Vulnerability
    Summary
    A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-01-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T02:17:53.070Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20220113 Cisco IP Phones Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA"
              },
              {
                "name": "20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2022/Jan/34"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-20660",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-06T15:59:21.438909Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-06T16:33:25.971Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2022-01-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-17T19:06:13.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20220113 Cisco IP Phones Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA"
            },
            {
              "name": "20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2022/Jan/34"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ip-phone-info-disc-fRdJfOxA",
            "defect": [
              [
                "CSCvy39035",
                "CSCvy39054",
                "CSCvy39055",
                "CSCvy39057",
                "CSCvy39058",
                "CSCvy39059"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phones Information Disclosure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2022-01-13T00:00:00",
              "ID": "CVE-2022-20660",
              "STATE": "PUBLIC",
              "TITLE": "Cisco IP Phones Information Disclosure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco Session Initiation Protocol (SIP) Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "4.6",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-312"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20220113 Cisco IP Phones Information Disclosure Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA"
                },
                {
                  "name": "20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2022/Jan/34"
                },
                {
                  "name": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ip-phone-info-disc-fRdJfOxA",
              "defect": [
                [
                  "CSCvy39035",
                  "CSCvy39054",
                  "CSCvy39055",
                  "CSCvy39057",
                  "CSCvy39058",
                  "CSCvy39059"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2022-20660",
        "datePublished": "2022-01-14T05:01:29.253Z",
        "dateReserved": "2021-11-02T00:00:00.000Z",
        "dateUpdated": "2024-11-06T16:33:25.971Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-34711 (GCVE-0-2021-34711)

    Vulnerability from cvelistv5 – Published: 2021-10-06 19:46 – Updated: 2024-11-07 21:48
    VLAI
    Title
    Cisco IP Phone Software Arbitrary File Read Vulnerability
    Summary
    A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2021-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T00:19:48.078Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20211006 Cisco IP Phone Software Arbitrary File Read Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-34711",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-07T21:40:04.866442Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-07T21:48:26.126Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2021-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-36",
                  "description": "CWE-36",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-10-06T19:46:32.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20211006 Cisco IP Phone Software Arbitrary File Read Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-arbfileread-NPdtE2Ow",
            "defect": [
              [
                "CSCvx85812",
                "CSCvx85813",
                "CSCvx85818",
                "CSCvx85820",
                "CSCvx85821",
                "CSCvx85822",
                "CSCvx85824"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phone Software Arbitrary File Read Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2021-10-06T16:00:00",
              "ID": "CVE-2021-34711",
              "STATE": "PUBLIC",
              "TITLE": "Cisco IP Phone Software Arbitrary File Read Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco IP Phones with Multiplatform Firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by providing crafted input to a debug shell command. A successful exploit could allow the attacker to read any file on the device file system."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "5.5",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-36"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20211006 Cisco IP Phone Software Arbitrary File Read Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-arbfileread-NPdtE2Ow"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-ipphone-arbfileread-NPdtE2Ow",
              "defect": [
                [
                  "CSCvx85812",
                  "CSCvx85813",
                  "CSCvx85818",
                  "CSCvx85820",
                  "CSCvx85821",
                  "CSCvx85822",
                  "CSCvx85824"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2021-34711",
        "datePublished": "2021-10-06T19:46:32.157Z",
        "dateReserved": "2021-06-15T00:00:00.000Z",
        "dateUpdated": "2024-11-07T21:48:26.126Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-33478 (GCVE-0-2021-33478)

    Vulnerability from cvelistv5 – Published: 2021-07-22 16:53 – Updated: 2024-08-03 23:50
    VLAI
    Summary
    The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T23:50:42.938Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-07-22T16:53:32.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-33478",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device. This, for example, affects certain Cisco IP Phone and Wireless IP Phone products before 2021-07-07. Exploitation is possible only when the attacker can disassemble the device in order to control the voltage/current for chip pins."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh",
                  "refsource": "MISC",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-brcm-mxc-jul2021-26LqUZUh"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-33478",
        "datePublished": "2021-07-22T16:53:32.000Z",
        "dateReserved": "2021-05-20T00:00:00.000Z",
        "dateUpdated": "2024-08-03T23:50:42.938Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3574 (GCVE-0-2020-3574)

    Vulnerability from cvelistv5 – Published: 2020-11-06 18:16 – Updated: 2024-11-13 17:43
    VLAI
    Title
    Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability
    Summary
    A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2020-11-04 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:37:55.701Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20201104 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-3574",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-13T17:12:06.604039Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-13T17:43:05.265Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-11-04T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-371",
                  "description": "CWE-371",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-11-06T18:16:31.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20201104 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv"
            }
          ],
          "source": {
            "advisory": "cisco-sa-voip-phone-flood-dos-YnU9EXOv",
            "defect": [
              [
                "CSCvs66815",
                "CSCvt83239",
                "CSCvu36012",
                "CSCvu36026"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2020-11-04T16:00:00",
              "ID": "CVE-2020-3574",
              "STATE": "PUBLIC",
              "TITLE": "Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco IP Phones with Multiplatform Firmware",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "7.5",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-371"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20201104 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-voip-phone-flood-dos-YnU9EXOv",
              "defect": [
                [
                  "CSCvs66815",
                  "CSCvt83239",
                  "CSCvu36012",
                  "CSCvu36026"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2020-3574",
        "datePublished": "2020-11-06T18:16:31.678Z",
        "dateReserved": "2019-12-12T00:00:00.000Z",
        "dateUpdated": "2024-11-13T17:43:05.265Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }