Vulnerabilities > Cisco > IP Phone 8800 Series Firmware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-01-10 | CVE-2018-0461 | Code Injection vulnerability in Cisco IP Phone 8800 Series Firmware 12.5(1) A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. | 8.8 |
| 2017-11-30 | CVE-2017-12328 | Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(0.1) A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. | 5.8 |
| 2017-11-16 | CVE-2017-12305 | OS Command Injection vulnerability in Cisco IP Phone 8800 Series Firmware A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. | 6.7 |
| 2017-05-22 | CVE-2017-6630 | Unspecified vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(0.1) A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.3 |
| 2016-08-22 | CVE-2016-1479 | Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038. | 7.5 |
| 2016-08-22 | CVE-2016-1476 | Cross-site Scripting vulnerability in Cisco IP Phone 8800 Series Firmware 11.0Base Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024. | 5.4 |
| 2016-06-23 | CVE-2016-1435 | Permissions, Privileges, and Access Controls vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014. | 7.0 |
| 2016-06-23 | CVE-2016-1434 | Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010. | 6.5 |
| 2016-06-10 | CVE-2016-1421 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1) A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. | 7.5 |
| 2016-06-04 | CVE-2016-1403 | Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005. | 7.8 |