Cisco IP Phone 8800 Series Firmware 11.0(1)

CPE Details

Cisco IP Phone 8800 Series Firmware 11.0(1)
cisco
ip_phone_8800_series_firmware
11.0\(1\)
2016-04-25
12h07 +00:00
2016-04-25
12h07 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\(1\):*:*:*:*:*:*:*

Informations

Vendor

cisco

Product

ip_phone_8800_series_firmware

Version

11.0\(1\)

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2017-12305 2017-11-16 06h00 +00:00 A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034.
6.7
Moyen
CVE-2016-1479 2016-08-22 08h00 +00:00 Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038.
7.5
Haute
CVE-2016-1434 2016-06-22 22h00 +00:00 The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.
6.5
Moyen
CVE-2016-1435 2016-06-22 22h00 +00:00 Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.
7
Haute
CVE-2016-1421 2016-06-09 23h00 +00:00 A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
7.5
Haute
CVE-2016-1403 2016-06-04 12h00 +00:00 CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.
7.8
Haute
CVE-2015-6360 2016-04-21 08h00 +00:00 The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
7.5
Haute
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.