Vulnerabilities > Cisco > IP Phone 8800 Series Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-11-30 CVE-2017-12328 Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(0.1)
A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts.
network
low complexity
cisco CWE-20
5.8
5.8
2017-11-16 CVE-2017-12305 OS Command Injection vulnerability in Cisco IP Phone 8800 Series Firmware
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection.
local
low complexity
cisco CWE-78
6.7
6.7
2017-05-22 CVE-2017-6630 Unspecified vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(0.1)
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
network
low complexity
cisco
5.3
5.3
2016-08-22 CVE-2016-1476 Cross-site Scripting vulnerability in Cisco IP Phone 8800 Series Firmware 11.0Base
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.
network
low complexity
cisco CWE-79
5.4
5.4
2016-06-23 CVE-2016-1434 Improper Input Validation vulnerability in Cisco IP Phone 8800 Series Firmware 11.0(1)
The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.
network
low complexity
cisco CWE-20
6.5
6.5