Vulnerabilities > Cisco > IP Phone 7811 Firmware

DATE CVE VULNERABILITY TITLE RISK
2023-03-03 CVE-2023-20078 Out-of-bounds Write vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-787
critical
9.8
2023-03-03 CVE-2023-20079 Out-of-bounds Write vulnerability in Cisco products
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.
network
low complexity
cisco CWE-787
7.5
2023-01-20 CVE-2023-20018 Incorrect Authorization vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input.
network
low complexity
cisco CWE-863
6.5
2022-12-12 CVE-2022-20968 Out-of-bounds Write vulnerability in Cisco products
A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets.
low complexity
cisco CWE-787
8.8
2022-04-06 CVE-2022-20774 Cross-Site Request Forgery (CSRF) vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system.
network
low complexity
cisco CWE-352
8.1
2022-01-14 CVE-2022-20660 Cleartext Storage of Sensitive Information vulnerability in Cisco products
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device.
low complexity
cisco CWE-312
4.6
2021-10-06 CVE-2021-34711 Path Traversal vulnerability in Cisco products
A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system.
local
low complexity
cisco CWE-22
5.5
2020-04-15 CVE-2020-3161 Improper Input Validation vulnerability in Cisco products
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition.
network
low complexity
cisco CWE-20
critical
9.8
2020-02-05 CVE-2020-3111 Improper Input Validation vulnerability in Cisco products
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone.
low complexity
cisco CWE-20
8.8
2020-01-26 CVE-2019-16008 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system.
network
low complexity
cisco CWE-79
5.4