Vulnerabilities > Cisco > Unified IP Phone 9971
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-07 | CVE-2018-0332 | Unspecified vulnerability in Cisco IP Phone Firmware and Unified IP Phone Firmware A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 5.0 |
| 2015-02-07 | CVE-2015-0602 | Information Exposure vulnerability in Cisco Unified IP Phones 9900 Series Firmware 9.3(2) The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. | 5.0 |
| 2015-02-07 | CVE-2015-0600 | Improper Input Validation vulnerability in Cisco Unified IP Phones 9900 Series Firmware 9.3(2) The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. | 5.0 |
| 2015-02-07 | CVE-2015-0604 | Improper Input Validation vulnerability in Cisco products The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424. | 5.0 |
| 2015-02-07 | CVE-2015-0603 | Permissions, Privileges, and Access Controls vulnerability in Cisco Unified IP Phones 9900 Series Firmware 9.3(2) Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474. | 4.6 |
| 2015-02-07 | CVE-2015-0601 | Improper Input Validation vulnerability in Cisco products Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790. | 4.6 |
| 2014-01-10 | CVE-2014-0658 | Improper Input Validation vulnerability in Cisco products Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898. | 5.4 |
| 2013-11-13 | CVE-2013-6685 | Permissions, Privileges, and Access Controls vulnerability in Cisco products The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382. | 6.6 |
| 2013-10-11 | CVE-2013-5533 | Improper Input Validation vulnerability in Cisco products The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334. | 6.0 |
| 2013-10-11 | CVE-2013-5532 | Improper Input Validation vulnerability in Cisco products Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug ID CSCuh10343. | 5.0 |