Vulnerabilities (CVE)

Filtered by vendor Cisco Subscribe
Filtered by product Unified Ip Phone Firmware
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-0332 1 Cisco 27 Ip Phone 7811, Ip Phone 7821, Ip Phone 7841 and 24 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.
CVE-2013-6685 1 Cisco 4 Unified Ip Phone 8961, Unified Ip Phone 9951, Unified Ip Phone 9971 and 1 more 2024-11-21 6.6 MEDIUM N/A
The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382.
CVE-2013-3468 1 Cisco 2 Unified Ip Phone 8945, Unified Ip Phone Firmware 2024-11-21 7.8 HIGH N/A
The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote attackers to cause a denial of service (device hang) via a malformed PNG file, aka Bug ID CSCud04270.
CVE-2012-1328 1 Cisco 2 Unified Ip Phone, Unified Ip Phone Firmware 2024-11-21 4.6 MEDIUM N/A
Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 do not properly handle downloads of configuration information to an RT phone, which allows local users to gain privileges via unspecified injected data, aka Bug ID CSCts32237.