Vulnerabilities > Cisco > IP Phone 8845 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2023-20018 Incorrect Authorization vulnerability in Cisco products
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input.
network
low complexity
cisco CWE-863
6.5
2022-01-14 CVE-2022-20660 Cleartext Storage of Sensitive Information vulnerability in Cisco products
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device.
low complexity
cisco CWE-312
4.6
2021-10-06 CVE-2021-34711 Path Traversal vulnerability in Cisco products
A vulnerability in the debug shell of Cisco IP Phone software could allow an authenticated, local attacker to read any file on the device file system.
local
low complexity
cisco CWE-22
5.5
2021-07-22 CVE-2021-33478 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
The TrustZone implementation in certain Broadcom MediaxChange firmware could allow an unauthenticated, physically proximate attacker to achieve arbitrary code execution in the TrustZone Trusted Execution Environment (TEE) of an affected device.
low complexity
cisco CWE-119
6.8
2020-01-26 CVE-2019-16008 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system.
network
low complexity
cisco CWE-79
5.4
2019-02-21 CVE-2019-1684 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products
A vulnerability in the Cisco Discovery Protocol or Link Layer Discovery Protocol (LLDP) implementation for the Cisco IP Phone 7800 and 8800 Series could allow an unauthenticated, adjacent attacker to cause an affected phone to reload unexpectedly, resulting in a temporary denial of service (DoS) condition.
low complexity
cisco CWE-119
6.5