The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Cisco IP Phone

vulnerability CVE-2018-15434

Cisco Unified IP Phone 7900: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco Unified IP Phone 7900, in order to run JavaScript code in the context of the web site.
Impacted products: Cisco IP Phone.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 04/10/2018.
Identifiers: CERTFR-2018-AVI-468, cisco-sa-20181003-uipp-7900-xss, CSCvj73657, CVE-2018-15434, VIGILANCE-VUL-27410.

Description of the vulnerability

An attacker can trigger a Cross Site Scripting of Cisco Unified IP Phone 7900, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-5391

Linux kernel: denial of service via FragmentSmack

Synthesis of the vulnerability

An attacker can generate a fatal error via FragmentSmack of the Linux kernel, in order to trigger a denial of service.
Impacted products: GAiA, SecurePlatform, CheckPoint Security Gateway, Cisco Aironet, IOS XE Cisco, Nexus by Cisco, Prime Collaboration Assurance, Prime Infrastructure, Cisco Router, Secure ACS, Cisco CUCM, Cisco UCS, Cisco Unified CCX, Cisco IP Phone, Cisco Wireless Controller, Debian, BIG-IP Hardware, TMOS, Junos Space, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, openSUSE Leap, Palo Alto Firewall PA***, PAN-OS, RHEL, SUSE Linux Enterprise Desktop, SLES, Symantec Content Analysis, ProxySG by Symantec, Synology DSM, Ubuntu, WindRiver Linux.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 16/08/2018.
Identifiers: ADV180022, CERTFR-2018-AVI-390, CERTFR-2018-AVI-392, CERTFR-2018-AVI-419, CERTFR-2018-AVI-457, CERTFR-2018-AVI-478, CERTFR-2018-AVI-533, cisco-sa-20180824-linux-ip-fragment, CVE-2018-5391, DLA-1466-1, DLA-1529-1, DSA-4272-1, FragmentSmack, JSA10917, K74374841, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, PAN-SA-2018-0012, RHSA-2018:2785-01, RHSA-2018:2791-01, RHSA-2018:2846-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, RHSA-2018:3459-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, sk134253, SUSE-SU-2018:2344-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2596-1, SYMSA1467, Synology-SA-18:44, USN-3740-1, USN-3740-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, VIGILANCE-VUL-27009, VU#641765.

Description of the vulnerability

An attacker can generate a fatal error via FragmentSmack of the Linux kernel, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2018-0341

Cisco IP Phone: code execution via Shell Command Injection

Synthesis of the vulnerability

An attacker can use a vulnerability via Shell Command Injection of Cisco IP Phone, in order to run code.
Impacted products: Cisco IP Phone.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 12/07/2018.
Identifiers: CERTFR-2018-AVI-341, cisco-sa-20180711-phone-webui-inject, CSCvi51426, CVE-2018-0341, VIGILANCE-VUL-26699.

Description of the vulnerability

An attacker can use a vulnerability via Shell Command Injection of Cisco IP Phone, in order to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-0316

Cisco Unified IP Phone: denial of service via Multiplatform Firmware SIP

Synthesis of the vulnerability

An attacker can generate a fatal error via Multiplatform Firmware SIP of Cisco Unified IP Phone, in order to trigger a denial of service.
Impacted products: Cisco IP Phone.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 07/06/2018.
Identifiers: CERTFR-2018-AVI-270, cisco-sa-20180606-multiplatform-sip, CSCvi24718, CVE-2018-0316, VIGILANCE-VUL-26345.

Description of the vulnerability

An attacker can generate a fatal error via Multiplatform Firmware SIP of Cisco Unified IP Phone, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-0332

Cisco Unified IP Phone: denial of service via SIP INVITE

Synthesis of the vulnerability

An attacker can generate a fatal error via SIP INVITE of Cisco Unified IP Phone, in order to trigger a denial of service.
Impacted products: Cisco IP Phone.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 07/06/2018.
Identifiers: CERTFR-2018-AVI-270, cisco-sa-20180606-ip-phone-dos, CVE-2018-0332, VIGILANCE-VUL-26344.

Description of the vulnerability

An attacker can generate a fatal error via SIP INVITE of Cisco Unified IP Phone, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2018-0325

Cisco IP Phone 7800/8800/8821: denial of service via SIP SDP

Synthesis of the vulnerability

An attacker can generate a fatal error via SIP SDP of Cisco IP Phone 7800/8800/8821, in order to trigger a denial of service.
Impacted products: Cisco IP Phone.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 17/05/2018.
Identifiers: CERTFR-2018-AVI-240, cisco-sa-20180516-ip-phone-dos, CSCvf40066, CSCvj73508, CVE-2018-0325, VIGILANCE-VUL-26155.

Description of the vulnerability

An attacker can generate a fatal error via SIP SDP of Cisco IP Phone 7800/8800/8821, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-12328

Cisco IP Phone 8800: denial of service via SIP

Synthesis of the vulnerability

An attacker can send malicious SIP packets to Cisco IP Phone 8800, in order to trigger a denial of service.
Impacted products: Cisco IP Phone.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 30/11/2017.
Identifiers: cisco-sa-20171129-ipp, CSCvc62590, CVE-2017-12328, VIGILANCE-VUL-24580.

Description of the vulnerability

An attacker can send malicious SIP packets to Cisco IP Phone 8800, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-12305

Cisco IP Phone 8800 Series: code execution via Debug Shell

Synthesis of the vulnerability

An attacker can use a vulnerability via Debug Shell of Cisco IP Phone 8800 Series, in order to run code.
Impacted products: Cisco IP Phone.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 16/11/2017.
Identifiers: cisco-sa-20171115-ipp, CSCvf80034, CVE-2017-12305, VIGILANCE-VUL-24474.

Description of the vulnerability

An attacker can use a vulnerability via Debug Shell of Cisco IP Phone 8800 Series, in order to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-13077 CVE-2017-13078 CVE-2017-13079

WPA2: information disclosure via Key Reinstallation Attacks

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Key Reinstallation Attacks of WPA2, in order to obtain sensitive information.
Impacted products: SNS, iOS by Apple, iPhone, Mac OS X, ArubaOS, Cisco Aironet, Cisco AnyConnect Secure Mobility Client, ASA, Meraki MR***, Cisco IP Phone, Cisco Wireless IP Phone, Debian, Fedora, FortiGate, FortiOS, FreeBSD, Android OS, Junos OS, SSG, Linux, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows (platform) ~ not comprehensive, Windows RT, NetBSD, NetScreen Firewall, ScreenOS, OpenBSD, openSUSE Leap, pfSense, 802.11 protocol, RHEL, RuggedSwitch, SIMATIC, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu, Unix (platform) ~ not comprehensive, WindRiver Linux.
Severity: 3/4.
Consequences: data reading.
Provenance: radio connection.
Number of vulnerabilities in this bulletin: 10.
Creation date: 16/10/2017.
Identifiers: ARUBA-PSA-2017-007, CERTFR-2017-ALE-014, CERTFR-2017-AVI-357, CERTFR-2017-AVI-358, CERTFR-2017-AVI-359, CERTFR-2017-AVI-360, CERTFR-2017-AVI-361, CERTFR-2017-AVI-363, CERTFR-2017-AVI-373, CERTFR-2017-AVI-379, CERTFR-2017-AVI-383, CERTFR-2017-AVI-390, CERTFR-2017-AVI-441, CERTFR-2017-AVI-478, CERTFR-2018-AVI-014, CERTFR-2018-AVI-048, cisco-sa-20171016-wpa, CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088, DLA-1150-1, DLA-1200-1, DLA-1573-1, DSA-3999-1, FEDORA-2017-12e76e8364, FEDORA-2017-45044b6b33, FEDORA-2017-60bfb576b7, FEDORA-2017-cfb950d8f4, FEDORA-2017-fc21e3856b, FG-IR-17-196, FreeBSD-SA-17:07.wpa, HT208221, HT208222, HT208334, HT208394, JSA10827, K-511282, KRACK Attacks, openSUSE-SU-2017:2755-1, openSUSE-SU-2017:2846-1, openSUSE-SU-2017:2896-1, openSUSE-SU-2017:2905-1, openSUSE-SU-2017:3144-1, RHSA-2017:2907-01, RHSA-2017:2911-01, SSA:2017-291-02, SSA-418456, SSA-901333, STORM-2017-005, SUSE-SU-2017:2745-1, SUSE-SU-2017:2752-1, SUSE-SU-2017:2847-1, SUSE-SU-2017:2869-1, SUSE-SU-2017:2908-1, SUSE-SU-2017:2920-1, SUSE-SU-2017:3106-1, SUSE-SU-2017:3165-1, SUSE-SU-2017:3265-1, SUSE-SU-2017:3267-1, SUSE-SU-2018:0040-1, SUSE-SU-2018:0171-1, Synology-SA-17:60, Synology-SA-17:60 KRACK, USN-3455-1, USN-3505-1, VIGILANCE-VUL-24144, VU#228519.

Description of the vulnerability

An attacker can bypass access restrictions to data via Key Reinstallation Attacks of WPA2, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2017-6630

Cisco IP Phone 8851: denial of service via SIP CANCEL

Synthesis of the vulnerability

An attacker can send malicious SIP CANCEL packets to Cisco IP Phone 8851, in order to trigger a denial of service.
Impacted products: Cisco IP Phone.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service.
Provenance: intranet client.
Creation date: 18/05/2017.
Identifiers: CERTFR-2017-AVI-160, cisco-sa-20170517-sip, CSCvc34795, CVE-2017-6630, VIGILANCE-VUL-22760.

Description of the vulnerability

The Cisco IP Phone 8851 product has a service to manage received SIP CANCEL packets.

However, when malicious SIP CANCEL packets are received, a fatal error occurs.

An attacker can therefore send malicious SIP CANCEL packets to Cisco IP Phone 8851, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Cisco IP Phone: