
Computer vulnerabilities of Cisco IP Phone

security threat CVE-2019-9506

Bluetooth BR/EDR: information disclosure via Key Negotiation

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Key Negotiation of Bluetooth BR/EDR, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 14/08/2019.
Identifiers: CERTFR-2019-AVI-419, CERTFR-2019-AVI-441, CERTFR-2019-AVI-482, CERTFR-2019-AVI-486, CERTFR-2019-AVI-502, CERTFR-2019-AVI-503, CERTFR-2019-AVI-513, CERTFR-2019-AVI-519, CERTFR-2019-AVI-522, CERTFR-2019-AVI-528, CERTFR-2019-AVI-561, CERTFR-2019-AVI-575, cisco-sa-20190813-bluetooth, CVE-2019-9506, DLA-1919-1, DLA-1919-2, DLA-1930-1, HT210346, HT210348, openSUSE-SU-2019:2307-1, openSUSE-SU-2019:2308-1, RHSA-2019:2975-01, RHSA-2019:3055-01, RHSA-2019:3076-01, RHSA-2019:3089-01, RHSA-2019:3165-01, RHSA-2019:3187-01, RHSA-2019:3217-01, RHSA-2019:3218-01, RHSA-2019:3220-01, RHSA-2019:3231-01, RHSA-2019:3309-01, RHSA-2019:3517-01, SUSE-SU-2019:2648-1, SUSE-SU-2019:2651-1, SUSE-SU-2019:2658-1, SUSE-SU-2019:2706-1, SUSE-SU-2019:2710-1, SUSE-SU-2019:2879-1, SUSE-SU-2019:2949-1, SUSE-SU-2019:2950-1, SUSE-SU-2019:2984-1, Synology-SA-19:33, USN-4115-1, USN-4115-2, USN-4118-1, USN-4147-1, VIGILANCE-VUL-30041.

computer vulnerability note CVE-2019-1922

Cisco IP Phone 7800/8800: denial of service via SIP

Synthesis of the vulnerability

An attacker can send malicious SIP packets to Cisco IP Phone 7800/8800, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 04/07/2019.
Identifiers: CERTFR-2019-AVI-304, cisco-sa-20190703-ip-phone-sip-dos, CSCvc61672, CVE-2019-1922, VIGILANCE-VUL-29690.

cybersecurity alert CVE-2019-1635

Cisco IP Phone: denial of service via SIP XML

Synthesis of the vulnerability

An attacker can trigger a fatal error via SIP XML of Cisco IP Phone, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 02/05/2019.
Identifiers: CERTFR-2019-AVI-193, cisco-sa-20190501-phone-sip-xml-dos, CSCvm39405, CSCvo19825, CSCvo21348, CSCvo23532, CVE-2019-1635, VIGILANCE-VUL-29188.

vulnerability note CVE-2019-1766

Cisco IP Phone 8800: denial of service via SIP Web Management Interface File Upload

Synthesis of the vulnerability

An attacker can trigger a fatal error via SIP Web Management Interface File Upload of Cisco IP Phone 8800, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 21/03/2019.
Identifiers: cisco-sa-20190320-ipfudos, CSCvo58440, CVE-2019-1766, VIGILANCE-VUL-28796.

computer weakness announce CVE-2019-1764

Cisco IP Phone 8800: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross-Site Request Forgery against Cisco IP Phone 8800, in order to force the victim to perform operations.
Severity: 2/4.
Creation date: 21/03/2019.
Identifiers: cisco-sa-20190320-ip-phone-csrf, CSCvn56221, CSCvo57629, CVE-2019-1764, VIGILANCE-VUL-28794.

Description of the vulnerability

The Cisco IP Phone 8800 product offers a web service.

However, the origin of queries is not checked. They can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross-Site Request Forgery against Cisco IP Phone 8800, in order to force the victim to perform operations.

computer weakness announce CVE-2019-1683

Cisco IP Phone SPAx: privilege escalation via Certificate Validation

Synthesis of the vulnerability

An attacker can bypass restrictions via Certificate Validation of Cisco IP Phone SPAx, in order to escalate their privileges.
Severity: 2/4.
Creation date: 21/02/2019.
Identifiers: CERTFR-2019-AVI-073, cisco-sa-20190220-ipphone-certs, CSCvm49157, CSCvn17125, CSCvn17128, CVE-2019-1683, VIGILANCE-VUL-28574.

computer weakness CVE-2019-1684

Cisco IP Phone 7800/8800: denial of service via CDP/LLDP

Synthesis of the vulnerability

An attacker can trigger a fatal error via CDP/LLDP of Cisco IP Phone 7800/8800, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 21/02/2019.
Identifiers: CERTFR-2019-AVI-073, cisco-sa-20190220-cdp-lldp-dos, CSCvn47250, CSCvo54699, CSCvo55040, CVE-2019-1684, VIGILANCE-VUL-28573.

computer vulnerability bulletin CVE-2018-0461

Cisco IP Phone 8800: privilege escalation via Script Injection

Synthesis of the vulnerability

An attacker can bypass restrictions via Script Injection of Cisco IP Phone 8800, in order to escalate their privileges.
Severity: 2/4.
Creation date: 10/01/2019.
Identifiers: cisco-sa-20190109-phone-script-injection, CSCvm95999, CVE-2018-0461, SA-20190109-0, VIGILANCE-VUL-28208.

cybersecurity announce CVE-2018-15434

Cisco Unified IP Phone 7900: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross-Site Scripting against Cisco Unified IP Phone 7900, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 04/10/2018.
Identifiers: CERTFR-2018-AVI-468, cisco-sa-20181003-uipp-7900-xss, CSCvj73657, CVE-2018-15434, VIGILANCE-VUL-27410.

computer vulnerability announce CVE-2018-5391

Linux kernel: denial of service via FragmentSmack

Synthesis of the vulnerability

An attacker can generate a fatal error via FragmentSmack of the Linux kernel, in order to trigger a denial of service.
Severity: 2/4.
Creation date: 16/08/2018.
Identifiers: ADV180022, CERTFR-2018-AVI-390, CERTFR-2018-AVI-392, CERTFR-2018-AVI-419, CERTFR-2018-AVI-457, CERTFR-2018-AVI-478, CERTFR-2018-AVI-533, CERTFR-2019-AVI-233, CERTFR-2019-AVI-242, cisco-sa-20180824-linux-ip-fragment, CVE-2018-5391, DLA-1466-1, DLA-1529-1, DSA-2019-062, DSA-4272-1, FragmentSmack, JSA10917, K74374841, openSUSE-SU-2018:2404-1, openSUSE-SU-2018:2407-1, openSUSE-SU-2019:0274-1, PAN-SA-2018-0012, RHSA-2018:2785-01, RHSA-2018:2791-01, RHSA-2018:2846-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:2948-01, RHSA-2018:3083-01, RHSA-2018:3096-01, RHSA-2018:3459-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, sk134253, SUSE-SU-2018:2344-1, SUSE-SU-2018:2374-1, SUSE-SU-2018:2380-1, SUSE-SU-2018:2381-1, SUSE-SU-2018:2596-1, SUSE-SU-2019:0541-1, SUSE-SU-2019:1289-1, SYMSA1467, Synology-SA-18:44, USN-3740-1, USN-3740-2, USN-3741-1, USN-3741-2, USN-3741-3, USN-3742-1, USN-3742-2, USN-3742-3, VIGILANCE-VUL-27009, VU#641765.