Vulnerabilities > Cisco > IP Phone 7841 Firmware > 12.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-20 | CVE-2023-20018 | Incorrect Authorization vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. | 6.5 |
| 2022-12-12 | CVE-2022-20968 | Out-of-bounds Write vulnerability in Cisco products A vulnerability in the Cisco Discovery Protocol processing feature of Cisco IP Phone 7800 and 8800 Series firmware could allow an unauthenticated, adjacent attacker to cause a stack overflow on an affected device. This vulnerability is due to insufficient input validation of received Cisco Discovery Protocol packets. | 8.8 |
| 2022-01-14 | CVE-2022-20660 | Cleartext Storage of Sensitive Information vulnerability in Cisco products A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. | 4.6 |
| 2021-10-06 | CVE-2021-34711 | Path Traversal vulnerability in Cisco products A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system. | 5.5 |
| 2020-02-05 | CVE-2020-3111 | Improper Input Validation vulnerability in Cisco products A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. | 8.3 |
| 2019-02-21 | CVE-2019-1684 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition. | 6.1 |