Search criteria
27 vulnerabilities found for video_phone_8875_firmware by cisco
FKIE_CVE-2025-20351
Vulnerability from fkie_nvd - Published: 2025-10-15 17:15 - Updated: 2025-12-04 21:26
Severity ?
Summary
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI.
This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9871_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBBD4E1-CFE3-4C39-BB8F-69B42B4B21CE",
"versionEndIncluding": "3.2\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9871:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D14CF47-7581-40E5-91A1-AC6BB5137358",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "703E528F-A852-4693-B6FA-507A0D569D00",
"versionEndIncluding": "3.2\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8176E19D-B625-4891-9018-F42228F1266B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9851_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9D5BB8-24C8-41BF-8FC3-BAD40D83F306",
"versionEndIncluding": "3.2\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "713F43A6-745A-4DAB-AD2D-3139E9E5C1A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D6CF67-2089-4B1E-B496-A2B91AB79686",
"versionEndIncluding": "3.2\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D01D5F-4EAE-4547-AB41-44F7885491C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A5C0983-4639-48E7-BE52-E69629EB802B",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "49C1673C-6CB2-4058-ABB5-61C68B6E98E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "C207966D-C755-455F-B266-02FAD5CD3412",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C71D54E-2D4A-4AA7-8E93-33214794B0B2",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "53CB357C-26FC-478C-A6BB-C01EDA4F8FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "5B747AA4-D45A-4A8E-BEB1-533CF085D1F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D27D332-69A3-4CFF-AE61-AAA6B31FAFC1",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EBFF992B-88FD-4A4E-89DA-A16C3F19FB6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "88926FA9-41A2-4ECE-992F-B4200694BC7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2072265-6A36-4DB7-8722-C288AFA695FB",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "21DD2C2A-4189-4A2E-9B84-A31D094DB121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "11F0AAF5-913C-4FC2-9345-21F713985F24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D70C616-D775-41EB-BC7D-113F817B22EA",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "74FA2DF8-5B2D-4358-83D6-FA4ED34F68CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "C379DA9E-FEEE-468E-BBE2-7EF498010B30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "371ABCD4-DF50-4815-B02C-38D0505874FD",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F1878209-3703-48F0-B0B1-FC4C775A7899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "62BAFED6-BDE9-47FA-A632-7920A4AD32B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8832_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E59904E5-ED35-4529-A25B-4F45066F7931",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8832_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F8825ECC-7388-4765-9C4D-DECFE571BB69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8832_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "D65B08FA-EC50-4324-821E-24648FBC4C5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5EA5C6B-243B-419A-9C60-1CDBD039C1D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C291D5-EEF2-4CEF-9C2D-E4F067AEE5A5",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F71EC81E-DFE7-45D6-8FCD-AD1BBC300E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "965852CD-DBCC-4AAE-AD00-C29B0933005D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50A18EDF-71F8-4B26-B5E7-1742831695E4",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "545BCD72-D075-4280-BC3A-A68C804E5909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "F716386E-44D5-462C-8FB5-FEF754256BC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C56F335-2124-4806-8F30-9C67367BB44D",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "16CB4D33-CCAD-43C2-9214-89483E0B274F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "24DD015B-C863-4F9C-8B97-729272586D87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "196320B1-DC92-4D24-A34F-C1287B8382BE",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D42FA06A-B752-48C7-A8A3-46D92D851FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "63457A22-1F0D-4E01-8D6D-EDAD920E8BE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1144C227-F9E5-4A9A-B0B4-D6801796A61E",
"versionEndExcluding": "11.0\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(0.7\\):mpp:*:*:*:*:*:*",
"matchCriteriaId": "A8385733-697E-4DF6-B283-89C9E139ABF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9E4622EF-D5CA-4971-A3A7-0610C136F160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9737BE7F-D58F-4357-935D-0CB2C8F8BE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(2\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "AF0F671F-8AD4-4279-93D2-258E42147E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(2\\):sr2:*:*:*:*:*:*",
"matchCriteriaId": "F94CD518-B3C9-4A8D-A05C-70AAC31F3C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A7E376F6-E3DB-4790-A614-0DD3D2C30B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "ACF5272C-D17E-45DC-AD36-2B01476FD733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):sr2:*:*:*:*:*:*",
"matchCriteriaId": "3BF79D9E-D209-49D7-9480-E1BCC5C4608B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):sr3:*:*:*:*:*:*",
"matchCriteriaId": "F21F74F4-212A-4287-83E7-ACAD6A397341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):sr4:*:*:*:*:*:*",
"matchCriteriaId": "21AD9FF7-572D-436E-830E-BD45EB845D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):sr5:*:*:*:*:*:*",
"matchCriteriaId": "73C70E39-1D5B-4DA9-B943-926B6FB916DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):sr6:*:*:*:*:*:*",
"matchCriteriaId": "C1E80EEB-B92E-4917-895C-E8F726D4AF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B306A2AF-62FC-4A13-8E26-34F26F5B871F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "2B979E1C-43ED-4272-B969-925216B3064F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(4\\):sr2:*:*:*:*:*:*",
"matchCriteriaId": "B368BCFB-080F-40FD-B607-BCB375CA99B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(4\\):sr3:*:*:*:*:*:*",
"matchCriteriaId": "E48E60D8-2FB7-4676-B5A6-4EBD74608350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D94C3F3F-66F5-480F-8F29-F234F4429557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(5\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "15C40715-097F-4FBE-8FE7-175D173A31E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(5\\):sr2:*:*:*:*:*:*",
"matchCriteriaId": "4A6E110B-9817-4215-AE12-8988B8594C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(5\\):sr3:*:*:*:*:*:*",
"matchCriteriaId": "3780F193-1823-4E34-80FA-7B69D109ECD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9FDFD3F2-39A0-4554-BD65-779D5155095D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "0A82BD02-5781-489F-8112-DA59E998F36A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr2:*:*:*:*:*:*",
"matchCriteriaId": "3DED54C3-AB49-4030-98C3-4D4BD3D220D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr4:*:*:*:*:*:*",
"matchCriteriaId": "B9C7E266-6BA9-47EB-AF37-0A948C780D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr5:*:*:*:*:*:*",
"matchCriteriaId": "6FC9887F-0F65-4FA5-95A4-95BAB70C03FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr6:*:*:*:*:*:*",
"matchCriteriaId": "097229AD-1840-4AB3-8120-0261DCA50986",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C99E0B-0383-4CB3-B325-EC0F3D57D39D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C76337A0-E138-4227-A0F1-9CF635EECC14",
"versionEndExcluding": "2.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12941DAD-AF8E-4229-9CD2-20537AD7FDD8",
"versionEndIncluding": "3.2\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "907B1846-A9CA-4B63-ADE3-F3168BC05BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "690E8866-FF2F-4C72-8510-1E587B535A42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9019DD-6941-42F3-8B66-1F3CDDDA86E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI.\r\n\r\nThis vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default."
}
],
"id": "CVE-2025-20351",
"lastModified": "2025-12-04T21:26:51.467",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2025-10-15T17:15:49.060",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-20350
Vulnerability from fkie_nvd - Published: 2025-10-15 17:15 - Updated: 2025-12-04 21:29
Severity ?
Summary
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9871_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBBD4E1-CFE3-4C39-BB8F-69B42B4B21CE",
"versionEndIncluding": "3.2\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9871:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D14CF47-7581-40E5-91A1-AC6BB5137358",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "703E528F-A852-4693-B6FA-507A0D569D00",
"versionEndIncluding": "3.2\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8176E19D-B625-4891-9018-F42228F1266B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9851_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B9D5BB8-24C8-41BF-8FC3-BAD40D83F306",
"versionEndIncluding": "3.2\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "713F43A6-745A-4DAB-AD2D-3139E9E5C1A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C5D6CF67-2089-4B1E-B496-A2B91AB79686",
"versionEndIncluding": "3.2\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D01D5F-4EAE-4547-AB41-44F7885491C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A5C0983-4639-48E7-BE52-E69629EB802B",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "49C1673C-6CB2-4058-ABB5-61C68B6E98E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "C207966D-C755-455F-B266-02FAD5CD3412",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C71D54E-2D4A-4AA7-8E93-33214794B0B2",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "53CB357C-26FC-478C-A6BB-C01EDA4F8FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "5B747AA4-D45A-4A8E-BEB1-533CF085D1F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D27D332-69A3-4CFF-AE61-AAA6B31FAFC1",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "EBFF992B-88FD-4A4E-89DA-A16C3F19FB6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "88926FA9-41A2-4ECE-992F-B4200694BC7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2072265-6A36-4DB7-8722-C288AFA695FB",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "21DD2C2A-4189-4A2E-9B84-A31D094DB121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "11F0AAF5-913C-4FC2-9345-21F713985F24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D70C616-D775-41EB-BC7D-113F817B22EA",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "74FA2DF8-5B2D-4358-83D6-FA4ED34F68CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "C379DA9E-FEEE-468E-BBE2-7EF498010B30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "371ABCD4-DF50-4815-B02C-38D0505874FD",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F1878209-3703-48F0-B0B1-FC4C775A7899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "62BAFED6-BDE9-47FA-A632-7920A4AD32B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8832_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E59904E5-ED35-4529-A25B-4F45066F7931",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8832_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F8825ECC-7388-4765-9C4D-DECFE571BB69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8832_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "D65B08FA-EC50-4324-821E-24648FBC4C5E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5EA5C6B-243B-419A-9C60-1CDBD039C1D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C291D5-EEF2-4CEF-9C2D-E4F067AEE5A5",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F71EC81E-DFE7-45D6-8FCD-AD1BBC300E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "965852CD-DBCC-4AAE-AD00-C29B0933005D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50A18EDF-71F8-4B26-B5E7-1742831695E4",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "545BCD72-D075-4280-BC3A-A68C804E5909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "F716386E-44D5-462C-8FB5-FEF754256BC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C56F335-2124-4806-8F30-9C67367BB44D",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "16CB4D33-CCAD-43C2-9214-89483E0B274F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "24DD015B-C863-4F9C-8B97-729272586D87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "196320B1-DC92-4D24-A34F-C1287B8382BE",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D42FA06A-B752-48C7-A8A3-46D92D851FA1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "63457A22-1F0D-4E01-8D6D-EDAD920E8BE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C76337A0-E138-4227-A0F1-9CF635EECC14",
"versionEndExcluding": "2.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12941DAD-AF8E-4229-9CD2-20537AD7FDD8",
"versionEndIncluding": "3.2\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "907B1846-A9CA-4B63-ADE3-F3168BC05BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "690E8866-FF2F-4C72-8510-1E587B535A42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9019DD-6941-42F3-8B66-1F3CDDDA86E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1144C227-F9E5-4A9A-B0B4-D6801796A61E",
"versionEndExcluding": "11.0\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(0.7\\):mpp:*:*:*:*:*:*",
"matchCriteriaId": "A8385733-697E-4DF6-B283-89C9E139ABF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9E4622EF-D5CA-4971-A3A7-0610C136F160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(2\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9737BE7F-D58F-4357-935D-0CB2C8F8BE2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(2\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "AF0F671F-8AD4-4279-93D2-258E42147E29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(2\\):sr2:*:*:*:*:*:*",
"matchCriteriaId": "F94CD518-B3C9-4A8D-A05C-70AAC31F3C2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A7E376F6-E3DB-4790-A614-0DD3D2C30B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "ACF5272C-D17E-45DC-AD36-2B01476FD733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):sr2:*:*:*:*:*:*",
"matchCriteriaId": "3BF79D9E-D209-49D7-9480-E1BCC5C4608B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):sr3:*:*:*:*:*:*",
"matchCriteriaId": "F21F74F4-212A-4287-83E7-ACAD6A397341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):sr4:*:*:*:*:*:*",
"matchCriteriaId": "21AD9FF7-572D-436E-830E-BD45EB845D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):sr5:*:*:*:*:*:*",
"matchCriteriaId": "73C70E39-1D5B-4DA9-B943-926B6FB916DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(3\\):sr6:*:*:*:*:*:*",
"matchCriteriaId": "C1E80EEB-B92E-4917-895C-E8F726D4AF99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(4\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B306A2AF-62FC-4A13-8E26-34F26F5B871F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(4\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "2B979E1C-43ED-4272-B969-925216B3064F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(4\\):sr2:*:*:*:*:*:*",
"matchCriteriaId": "B368BCFB-080F-40FD-B607-BCB375CA99B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(4\\):sr3:*:*:*:*:*:*",
"matchCriteriaId": "E48E60D8-2FB7-4676-B5A6-4EBD74608350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(5\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D94C3F3F-66F5-480F-8F29-F234F4429557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(5\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "15C40715-097F-4FBE-8FE7-175D173A31E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(5\\):sr2:*:*:*:*:*:*",
"matchCriteriaId": "4A6E110B-9817-4215-AE12-8988B8594C50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(5\\):sr3:*:*:*:*:*:*",
"matchCriteriaId": "3780F193-1823-4E34-80FA-7B69D109ECD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9FDFD3F2-39A0-4554-BD65-779D5155095D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "0A82BD02-5781-489F-8112-DA59E998F36A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr2:*:*:*:*:*:*",
"matchCriteriaId": "3DED54C3-AB49-4030-98C3-4D4BD3D220D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr4:*:*:*:*:*:*",
"matchCriteriaId": "B9C7E266-6BA9-47EB-AF37-0A948C780D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr5:*:*:*:*:*:*",
"matchCriteriaId": "6FC9887F-0F65-4FA5-95A4-95BAB70C03FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr6:*:*:*:*:*:*",
"matchCriteriaId": "097229AD-1840-4AB3-8120-0261DCA50986",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C99E0B-0383-4CB3-B325-EC0F3D57D39D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.\r\nNote: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default."
}
],
"id": "CVE-2025-20350",
"lastModified": "2025-12-04T21:29:46.177",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2025-10-15T17:15:48.880",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-121"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-20336
Vulnerability from fkie_nvd - Published: 2025-09-03 18:15 - Updated: 2026-01-05 14:49
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device.
Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF49016B-CAE6-4DE4-8449-04869029360B",
"versionEndExcluding": "3.3\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8176E19D-B625-4891-9018-F42228F1266B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9851_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "643F71B7-91EF-433B-A4EE-DC0A4D7ABF03",
"versionEndExcluding": "3.3\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "713F43A6-745A-4DAB-AD2D-3139E9E5C1A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B218261-3865-4179-A775-2DCF37C713C8",
"versionEndExcluding": "3.3\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D01D5F-4EAE-4547-AB41-44F7885491C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9871_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45174807-089C-4E3C-9C02-1D6D8708BC49",
"versionEndExcluding": "3.3\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9871:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D14CF47-7581-40E5-91A1-AC6BB5137358",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C291D5-EEF2-4CEF-9C2D-E4F067AEE5A5",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "B27034E5-2F4B-4210-8A80-6A6362F8C980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "965852CD-DBCC-4AAE-AD00-C29B0933005D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C71D54E-2D4A-4AA7-8E93-33214794B0B2",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "AC626E90-9019-4180-BE62-047B9864C34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "5B747AA4-D45A-4A8E-BEB1-533CF085D1F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D27D332-69A3-4CFF-AE61-AAA6B31FAFC1",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "C3E84980-7697-4479-A2E9-18E4BF3B991E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "88926FA9-41A2-4ECE-992F-B4200694BC7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2072265-6A36-4DB7-8722-C288AFA695FB",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "80A9D20F-985B-4500-94A8-05DECE565C20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "11F0AAF5-913C-4FC2-9345-21F713985F24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D70C616-D775-41EB-BC7D-113F817B22EA",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "967D674B-9925-4AE7-AED6-751046960403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "C379DA9E-FEEE-468E-BBE2-7EF498010B30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "371ABCD4-DF50-4815-B02C-38D0505874FD",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "8CEBC653-2CED-4B2D-9890-B789F33DFE8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "62BAFED6-BDE9-47FA-A632-7920A4AD32B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50A18EDF-71F8-4B26-B5E7-1742831695E4",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "C1B44331-2BA1-402E-9317-8A3C97B646C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "F716386E-44D5-462C-8FB5-FEF754256BC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C56F335-2124-4806-8F30-9C67367BB44D",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "3CE7C15E-BD09-40C4-8187-7E523BFC0899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "24DD015B-C863-4F9C-8B97-729272586D87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851nr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D47B048-D47B-45E1-BD25-C19A6B7CC55A",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851nr_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "247B120C-20A0-4F0D-B9E6-C252ECF6194C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851nr_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "1FD5202B-453C-49E1-A6CD-810C033380BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8851nr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BB2274-7668-4B80-9FF2-EC724C44685B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "196320B1-DC92-4D24-A34F-C1287B8382BE",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "6AD2886B-D249-4B2C-933F-1E81889FB9F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "63457A22-1F0D-4E01-8D6D-EDAD920E8BE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A5C0983-4639-48E7-BE52-E69629EB802B",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "8B1CAB0B-ACB7-4AE1-B21C-FEC8D57F490E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "C207966D-C755-455F-B266-02FAD5CD3412",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C76337A0-E138-4227-A0F1-9CF635EECC14",
"versionEndExcluding": "2.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E930C776-5D3B-4F40-9F38-A8135AA6D9CB",
"versionEndExcluding": "3.3\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "41019D10-27B9-4DA6-9DF3-780D0A7EE75C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "690E8866-FF2F-4C72-8510-1E587B535A42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9019DD-6941-42F3-8B66-1F3CDDDA86E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54AA3288-EAFA-41FB-9532-9BA69C03F130",
"versionEndExcluding": "11.0\\(6\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):-:*:*:*:*:*:*",
"matchCriteriaId": "FBB24293-E296-4ABC-A887-09B741702F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "0A82BD02-5781-489F-8112-DA59E998F36A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr2:*:*:*:*:*:*",
"matchCriteriaId": "3DED54C3-AB49-4030-98C3-4D4BD3D220D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr4:*:*:*:*:*:*",
"matchCriteriaId": "B9C7E266-6BA9-47EB-AF37-0A948C780D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr5:*:*:*:*:*:*",
"matchCriteriaId": "6FC9887F-0F65-4FA5-95A4-95BAB70C03FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr6:*:*:*:*:*:*",
"matchCriteriaId": "097229AD-1840-4AB3-8120-0261DCA50986",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C99E0B-0383-4CB3-B325-EC0F3D57D39D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default."
}
],
"id": "CVE-2025-20336",
"lastModified": "2026-01-05T14:49:30.253",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-09-03T18:15:34.637",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-20335
Vulnerability from fkie_nvd - Published: 2025-09-03 18:15 - Updated: 2026-01-05 14:49
Severity ?
Summary
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.
This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system.
Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DF49016B-CAE6-4DE4-8449-04869029360B",
"versionEndExcluding": "3.3\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8176E19D-B625-4891-9018-F42228F1266B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9851_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "643F71B7-91EF-433B-A4EE-DC0A4D7ABF03",
"versionEndExcluding": "3.3\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "713F43A6-745A-4DAB-AD2D-3139E9E5C1A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B218261-3865-4179-A775-2DCF37C713C8",
"versionEndExcluding": "3.3\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D01D5F-4EAE-4547-AB41-44F7885491C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9871_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45174807-089C-4E3C-9C02-1D6D8708BC49",
"versionEndExcluding": "3.3\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9871:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D14CF47-7581-40E5-91A1-AC6BB5137358",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C71D54E-2D4A-4AA7-8E93-33214794B0B2",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "AC626E90-9019-4180-BE62-047B9864C34E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "5B747AA4-D45A-4A8E-BEB1-533CF085D1F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D27D332-69A3-4CFF-AE61-AAA6B31FAFC1",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "C3E84980-7697-4479-A2E9-18E4BF3B991E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "88926FA9-41A2-4ECE-992F-B4200694BC7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2072265-6A36-4DB7-8722-C288AFA695FB",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "80A9D20F-985B-4500-94A8-05DECE565C20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "11F0AAF5-913C-4FC2-9345-21F713985F24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D70C616-D775-41EB-BC7D-113F817B22EA",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "967D674B-9925-4AE7-AED6-751046960403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "C379DA9E-FEEE-468E-BBE2-7EF498010B30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "371ABCD4-DF50-4815-B02C-38D0505874FD",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "8CEBC653-2CED-4B2D-9890-B789F33DFE8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "62BAFED6-BDE9-47FA-A632-7920A4AD32B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C291D5-EEF2-4CEF-9C2D-E4F067AEE5A5",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "B27034E5-2F4B-4210-8A80-6A6362F8C980",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "965852CD-DBCC-4AAE-AD00-C29B0933005D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50A18EDF-71F8-4B26-B5E7-1742831695E4",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "C1B44331-2BA1-402E-9317-8A3C97B646C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "F716386E-44D5-462C-8FB5-FEF754256BC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C56F335-2124-4806-8F30-9C67367BB44D",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "3CE7C15E-BD09-40C4-8187-7E523BFC0899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "24DD015B-C863-4F9C-8B97-729272586D87",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851nr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D47B048-D47B-45E1-BD25-C19A6B7CC55A",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851nr_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "247B120C-20A0-4F0D-B9E6-C252ECF6194C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851nr_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "1FD5202B-453C-49E1-A6CD-810C033380BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8851nr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BB2274-7668-4B80-9FF2-EC724C44685B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "196320B1-DC92-4D24-A34F-C1287B8382BE",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "6AD2886B-D249-4B2C-933F-1E81889FB9F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "63457A22-1F0D-4E01-8D6D-EDAD920E8BE5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A5C0983-4639-48E7-BE52-E69629EB802B",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "8B1CAB0B-ACB7-4AE1-B21C-FEC8D57F490E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "C207966D-C755-455F-B266-02FAD5CD3412",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C76337A0-E138-4227-A0F1-9CF635EECC14",
"versionEndExcluding": "2.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E930C776-5D3B-4F40-9F38-A8135AA6D9CB",
"versionEndExcluding": "3.3\\(1\\)",
"versionStartIncluding": "3.0\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "41019D10-27B9-4DA6-9DF3-780D0A7EE75C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "690E8866-FF2F-4C72-8510-1E587B535A42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9019DD-6941-42F3-8B66-1F3CDDDA86E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54AA3288-EAFA-41FB-9532-9BA69C03F130",
"versionEndExcluding": "11.0\\(6\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):-:*:*:*:*:*:*",
"matchCriteriaId": "FBB24293-E296-4ABC-A887-09B741702F09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "0A82BD02-5781-489F-8112-DA59E998F36A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr2:*:*:*:*:*:*",
"matchCriteriaId": "3DED54C3-AB49-4030-98C3-4D4BD3D220D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr4:*:*:*:*:*:*",
"matchCriteriaId": "B9C7E266-6BA9-47EB-AF37-0A948C780D5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr5:*:*:*:*:*:*",
"matchCriteriaId": "6FC9887F-0F65-4FA5-95A4-95BAB70C03FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr6:*:*:*:*:*:*",
"matchCriteriaId": "097229AD-1840-4AB3-8120-0261DCA50986",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36C99E0B-0383-4CB3-B325-EC0F3D57D39D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.\r\n\r\nThis vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default."
}
],
"id": "CVE-2025-20335",
"lastModified": "2026-01-05T14:49:25.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2025-09-03T18:15:34.393",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2025-20158
Vulnerability from fkie_nvd - Published: 2025-02-19 16:15 - Updated: 2025-12-15 21:09
Severity ?
Summary
A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default.
This vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit this vulnerability by sending a crafted SSH client command to the CLI. A successful exploit could allow the attacker to access sensitive information on the underlying operating system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | video_phone_8875_firmware | * | |
| cisco | video_phone_8875 | - | |
| cisco | desk_phone_9871_firmware | * | |
| cisco | desk_phone_9871 | - | |
| cisco | desk_phone_9841_firmware | * | |
| cisco | desk_phone_9841 | - | |
| cisco | desk_phone_9851_firmware | * | |
| cisco | desk_phone_9851 | - | |
| cisco | desk_phone_9861_firmware | * | |
| cisco | desk_phone_9861 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18BEE2B2-AD57-4FE7-8029-7CE33A0C77DA",
"versionEndExcluding": "3.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9019DD-6941-42F3-8B66-1F3CDDDA86E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9871_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45FE3C31-2F4E-46D1-A548-AB1962B12A61",
"versionEndExcluding": "3.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9871:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D14CF47-7581-40E5-91A1-AC6BB5137358",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B907DAAA-EC85-402E-8B9E-D3E5638B917A",
"versionEndExcluding": "3.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8176E19D-B625-4891-9018-F42228F1266B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9851_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AD8D65A-B916-4045-B4BD-D5805901D2FC",
"versionEndExcluding": "3.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "713F43A6-745A-4DAB-AD2D-3139E9E5C1A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1097D4BB-1E2D-4A22-87C6-2BF3C22CE84D",
"versionEndExcluding": "3.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D01D5F-4EAE-4547-AB41-44F7885491C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit this vulnerability by sending a crafted SSH client command to the CLI. A successful exploit could allow the attacker to access sensitive information on the underlying operating system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el shell de depuraci\u00f3n de Cisco Video Phone 8875 y Cisco Desk Phone 9800 Series podr\u00eda permitir que un atacante local autenticado acceda a informaci\u00f3n confidencial en un dispositivo afectado. Para explotar esta vulnerabilidad, el atacante debe tener credenciales administrativas v\u00e1lidas con acceso SSH en el dispositivo afectado. El acceso SSH est\u00e1 deshabilitado de forma predeterminada. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario por parte del shell de depuraci\u00f3n de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un comando de cliente SSH manipulado a la CLI. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder a informaci\u00f3n confidencial en el sistema operativo subyacente."
}
],
"id": "CVE-2025-20158",
"lastModified": "2025-12-15T21:09:51.243",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2025-02-19T16:15:41.017",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-info-disc-YyxsWStK"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-20445
Vulnerability from fkie_nvd - Published: 2024-11-06 17:15 - Updated: 2026-01-05 14:57
Severity ?
Summary
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.
Note: Web Access is disabled by default.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9841_firmware:3.1\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "9B9A280D-810C-4EC8-BB95-CBD973110119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9841_firmware:3.1\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "3BF40685-7470-42B3-BA19-9E5E76853E24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8176E19D-B625-4891-9018-F42228F1266B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9851_firmware:3.1\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "CC1BAF58-DF67-431A-B5C6-B49D3F36058A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9851_firmware:3.1\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "E8E088EE-4F58-4FE4-BE3F-BA98DEADD9CC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "713F43A6-745A-4DAB-AD2D-3139E9E5C1A0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9861_firmware:3.1\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "02ACF18D-978D-442C-A374-EEE596958199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9861_firmware:3.1\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "8C927E10-6C67-4D51-8520-8373289BCCF3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D01D5F-4EAE-4547-AB41-44F7885491C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9871_firmware:3.1\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "B184E05F-7160-4B31-9ABD-612E56077869",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:desk_phone_9871_firmware:3.1\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "4FBDDB5F-78B3-4AF7-A42A-423B1107EE5C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:desk_phone_9871:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D14CF47-7581-40E5-91A1-AC6BB5137358",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB40CA0C-A980-476E-BFD5-2DE8A11CC89E",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6592E7FE-346E-4923-97C2-F5298DC802A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "19D86855-2FE2-4BC0-AD23-42F459E9AE2A",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_conference_phone_8831:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71D931AB-034B-4061-9156-039010ECB648",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ACBAA5BB-BF05-4FDE-B719-BF527F584608",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1010D16-DC6E-47A6-8BF9-C1026D975E3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7C71D54E-2D4A-4AA7-8E93-33214794B0B2",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4D27D332-69A3-4CFF-AE61-AAA6B31FAFC1",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2072265-6A36-4DB7-8722-C288AFA695FB",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D70C616-D775-41EB-BC7D-113F817B22EA",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "371ABCD4-DF50-4815-B02C-38D0505874FD",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0C291D5-EEF2-4CEF-9C2D-E4F067AEE5A5",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "50A18EDF-71F8-4B26-B5E7-1742831695E4",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C56F335-2124-4806-8F30-9C67367BB44D",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851nr_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D47B048-D47B-45E1-BD25-C19A6B7CC55A",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8851nr:-:*:*:*:*:*:*:*",
"matchCriteriaId": "23BB2274-7668-4B80-9FF2-EC724C44685B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "196320B1-DC92-4D24-A34F-C1287B8382BE",
"versionEndExcluding": "14.3\\(1\\)",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C76337A0-E138-4227-A0F1-9CF635EECC14",
"versionEndExcluding": "2.3\\(1\\)",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):-:*:*:*:*:*:*",
"matchCriteriaId": "41019D10-27B9-4DA6-9DF3-780D0A7EE75C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):sr1:*:*:*:*:*:*",
"matchCriteriaId": "690E8866-FF2F-4C72-8510-1E587B535A42",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9019DD-6941-42F3-8B66-1F3CDDDA86E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.\r\nNote: Web Access is disabled by default."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de usuario web de los tel\u00e9fonos de escritorio Cisco de la serie 9800, los tel\u00e9fonos IP de la serie 7800 y 8800 de Cisco y el tel\u00e9fono con video Cisco 8875 podr\u00eda permitir que un atacante remoto no autenticado acceda a informaci\u00f3n confidencial en un dispositivo afectado. Esta vulnerabilidad se debe al almacenamiento inadecuado de informaci\u00f3n confidencial dentro de la interfaz de usuario web de las cargas de tel\u00e9fonos basadas en el protocolo de inicio de sesi\u00f3n (SIP). Un atacante podr\u00eda aprovechar esta vulnerabilidad navegando hasta la direcci\u00f3n IP de un dispositivo que tenga habilitado el acceso web. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder a informaci\u00f3n confidencial, incluidos los registros de llamadas entrantes y salientes. Nota: el acceso web est\u00e1 deshabilitado de forma predeterminada."
}
],
"id": "CVE-2024-20445",
"lastModified": "2026-01-05T14:57:31.500",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-11-06T17:15:14.830",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-20376
Vulnerability from fkie_nvd - Published: 2024-05-01 17:15 - Updated: 2026-01-05 14:57
Severity ?
Summary
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6305C250-2F7B-4AA4-B33A-9791F8ED4645",
"versionEndExcluding": "2.3.1.0101",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9019DD-6941-42F3-8B66-1F3CDDDA86E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46491D2F-B16E-4994-B9F0-1AF29A5AAFD0",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEFD67F1-8FB1-4F27-8B97-59DF78DE41A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09BAE967-5E57-4A8B-B581-0325C9CA7EC6",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE4960B1-22B4-4B3D-955E-684DA520A1A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CE82B8-ADEF-41B2-813D-3A3CD33E56C6",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5809CA01-CF32-4E3A-A771-01D5065F0061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDB0A67-0DC4-47A5-BB48-2C763C5AE162",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C05A7CA6-AD58-45D7-AF32-129E22855D8E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEAA597-5675-4B3D-BC2B-F0527B5668C1",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*",
"matchCriteriaId": "864B486C-71F6-4EFD-8F04-BA7FC18DFD5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E237174-1667-4EDD-A3CF-4183319BF4FC",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E780BB38-2430-4B93-A89A-DB0FE280A84D",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7832_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09CCC3C7-779D-4969-B28E-76E4D49E84D9",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32D8B3FD-3157-49D3-A4BA-D4FAAB1B6D4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "772FCFFF-87F0-4D45-80E7-8CEBB648F41D",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7202509-F176-4882-96E6-1F8E9F2AB99A",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "308A0211-846B-4E00-9063-1E4820CE0163",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8832_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30BD59AC-C3E8-4DC1-88B9-86616001897C",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5EA5C6B-243B-419A-9C60-1CDBD039C1D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94B479FF-B77E-47D8-B00B-19AB3BEF451E",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BFB4E2-4C19-4787-A7EF-23749E34712A",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF6B373-8439-4B5D-94F9-DE776FB6CE77",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90B0B215-E2BA-466E-AAEF-52A413C758F0",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7505654-64D2-40EB-BE53-F7705899D73F",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del firmware del tel\u00e9fono IP de Cisco podr\u00eda permitir que un atacante remoto no autenticado provoque la recarga de un dispositivo afectado, lo que resultar\u00eda en una condici\u00f3n DoS. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud manipulada a la interfaz de administraci\u00f3n basada en web de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el dispositivo afectado se recargue."
}
],
"id": "CVE-2024-20376",
"lastModified": "2026-01-05T14:57:58.600",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-05-01T17:15:28.407",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-20357
Vulnerability from fkie_nvd - Published: 2024-05-01 17:15 - Updated: 2026-01-05 14:57
Severity ?
Summary
A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device.
This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEAA597-5675-4B3D-BC2B-F0527B5668C1",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*",
"matchCriteriaId": "864B486C-71F6-4EFD-8F04-BA7FC18DFD5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E237174-1667-4EDD-A3CF-4183319BF4FC",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E780BB38-2430-4B93-A89A-DB0FE280A84D",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7832_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09CCC3C7-779D-4969-B28E-76E4D49E84D9",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32D8B3FD-3157-49D3-A4BA-D4FAAB1B6D4C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "772FCFFF-87F0-4D45-80E7-8CEBB648F41D",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B7202509-F176-4882-96E6-1F8E9F2AB99A",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "308A0211-846B-4E00-9063-1E4820CE0163",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8832_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30BD59AC-C3E8-4DC1-88B9-86616001897C",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5EA5C6B-243B-419A-9C60-1CDBD039C1D8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "94B479FF-B77E-47D8-B00B-19AB3BEF451E",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4BFB4E2-4C19-4787-A7EF-23749E34712A",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF6B373-8439-4B5D-94F9-DE776FB6CE77",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90B0B215-E2BA-466E-AAEF-52A413C758F0",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7505654-64D2-40EB-BE53-F7705899D73F",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6305C250-2F7B-4AA4-B33A-9791F8ED4645",
"versionEndExcluding": "2.3.1.0101",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9019DD-6941-42F3-8B66-1F3CDDDA86E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "46491D2F-B16E-4994-B9F0-1AF29A5AAFD0",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEFD67F1-8FB1-4F27-8B97-59DF78DE41A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "09BAE967-5E57-4A8B-B581-0325C9CA7EC6",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE4960B1-22B4-4B3D-955E-684DA520A1A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CE82B8-ADEF-41B2-813D-3A3CD33E56C6",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5809CA01-CF32-4E3A-A771-01D5065F0061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDB0A67-0DC4-47A5-BB48-2C763C5AE162",
"versionEndIncluding": "12.0.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C05A7CA6-AD58-45D7-AF32-129E22855D8E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. \r\n\r This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el servicio XML del firmware del tel\u00e9fono IP de Cisco podr\u00eda permitir que un atacante remoto no autenticado inicie llamadas telef\u00f3nicas en un dispositivo afectado. Esta vulnerabilidad existe porque la verificaci\u00f3n de los l\u00edmites no se produce al analizar solicitudes XML. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud XML manipulada a un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante iniciar llamadas o reproducir sonidos en el dispositivo."
}
],
"id": "CVE-2024-20357",
"lastModified": "2026-01-05T14:57:54.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
},
"published": "2024-05-01T17:15:28.143",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2023-20221
Vulnerability from fkie_nvd - Published: 2023-08-16 22:15 - Updated: 2024-11-21 07:40
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system.
This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCC2C53C-D4B2-4DB3-81BC-BEA0AF14355F",
"versionEndExcluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC9019DD-6941-42F3-8B66-1F3CDDDA86E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "DABEA69A-F808-4BFF-BA4B-98B2E6113F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "5A6417B6-D3FC-4FDC-9248-F30B3F4A457F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6D7010-E062-4A1C-8794-9D736FA21FFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAEFE4B-1C61-4B7C-A164-1FAE945202CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "325F2401-7874-4827-8ABC-00791DD76AD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "565CBBAA-2CA6-4FD7-816A-CF422C57E259",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "128A056A-C104-4360-8065-7240F5FB368E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "207F4636-A228-4330-A8C1-82612EC5E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E963CC90-A9BF-4717-985B-869FE77441C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A4FD018C-E3F7-4EDF-AF35-1FE07F54CBAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "116B9C23-D5DF-43A2-9011-CEB5835A7907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "50E1EE42-3AD2-4A34-A2AC-1DB924A1FA23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "91681B9B-2458-4A29-86F6-007FBE4E34A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F190764-5225-457A-A129-3AAA68F7B314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "78B8A7DD-6286-4C51-A94D-B591CA5B8DE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA3D40B-3398-40CF-9C37-722100DEC923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F3E220-6797-45F5-9A8D-010F24BCBF1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7D4CFF-8CCE-45FF-9139-481DAF4A48CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "555FB9F8-C587-480B-B044-2037473C2FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "EC4FAC48-4CB5-4EE4-978F-20E10AA854C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF301FF7-5447-4B49-82DC-F0408DE28F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA37B41-CB6D-49E0-8968-944916BE44EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1416F1-4E21-404E-A105-5B5C779633D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "7FA48285-A41A-4A19-9D9A-BCFF178A7B2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "38B73EE8-971C-47CF-817D-FDE2B3861499",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2B35D198-8527-4414-989F-3A4EE601AFD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D62E3B9C-E3B3-4836-888D-97FE1F0EFCB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "4788EED5-4067-4139-A700-142E4AABB2EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4133BCB1-D7DD-4A6F-A8BA-E193E76CE98F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "82058653-1245-4BBB-B821-C0D56A02C54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "C51B3E25-A2BE-458B-AEF6-23B5FE4A5785",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AEFD67F1-8FB1-4F27-8B97-59DF78DE41A1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "E32AC898-7257-4EF8-95A4-25D439C02448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8BDCB9-4644-4B0C-89A7-13F20718B245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "356954C9-0828-449D-B7C4-397F4CB4FBB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06F05CAC-32C8-43D1-9514-A9D6BA9C4BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "736BC586-41D0-4D71-93EE-953899AFA08F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7499E665-158B-47C4-B53E-98440EE2F444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "40840FDD-E661-4663-8D60-3F8851A0748C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9083DE5F-C1B9-4D68-8A73-46D0F2B9A0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "56729DAA-B823-480F-BB3E-10AF16A5871D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5647C754-620C-4015-8A19-1EA66ECFCCD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6A92A5-8ADB-4382-AB45-0DEDE0561CB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9577C5B7-AC80-417E-A366-F8DB68A69796",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "760B18B5-BEC9-4C69-BC20-28DAD37BD4E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9824121-49C7-46CC-B897-4DFAAE775CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0CB8C01E-1315-48F8-9842-74A563C32126",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "C263130C-904F-4769-8A11-F4873561B13C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C0C169-F647-4BFE-B047-04D157FDD132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAC3B1E6-EC7A-453C-B1BF-9E29C565B6FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D404E3-EC6A-4CE0-8E6F-1000DE2656A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "F6664CAC-171E-4DD3-B373-D15DB450876D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "FFB8E2A8-9968-4E72-8E14-5F8EB8509E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C161FA77-40DA-4C96-A796-2B67A229A2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD91C45-D0AE-4B52-9E97-66517CEC5A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1E8176E-1C34-4265-9A9C-2C3201A1F75F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EE5A6FA8-8C64-4D64-A640-C3E964070D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7F8F3A48-073E-4A1D-B9DF-4B45FA993B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3ADDAE0-6E63-4F65-9C14-B4606BA33269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "F170D1B5-F5D4-412B-9194-1F96EB82AA54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AF614C71-A854-456B-9C1F-29BFF6B14371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B88C00D-9577-4FF0-B55C-1891D738EC81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9613F2A-3FE4-42C7-A110-DE23CBB9DFF8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6825:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E07D81AF-3DF8-4EE4-AE4E-FB875BE14BB4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "FC2BE4E5-BCAF-46C9-8216-C7EB9BCD1345",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "8C30D57A-E458-4EB0-9C20-E336A586E1C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DBADB540-9C35-4FD0-AF82-7980E1B2ADD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C077B45A-0B1E-4DA2-832A-1B201098C445",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "A36ADEF8-9844-4F0E-B2BE-D6A786B8A2A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A14EE59-AEB2-48B8-B08E-27FA1ED790D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "252AE700-69D2-4733-91F9-ADB3FEADC579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7EA9FF-CC6C-41FC-AFB0-4AB2B62759E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0A38A681-F887-485B-8AD1-DB50C9F2D1B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB30CACF-FAE1-4A59-B0C3-8E0DC69EF0F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B781D8DA-0E90-440B-9286-C64E4E546224",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E288B479-ECED-4F62-96E9-D321EBC55238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1C71112F-F96C-4CC4-A8EC-385E67102B69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9673F09-8895-4360-8A2C-26EBCC4E007B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1D6088BF-42A5-49A9-B0CA-EB359E302549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E35416E6-38D7-4606-9C69-C22C0A15CC1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "47CDDBE6-D871-405A-91FF-8B1BCEAC0F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "90C9277D-8BE4-4279-B41D-CE52920A5637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "41B7E367-F879-4C2A-B367-4ABB9CAEDC09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "A4665808-2B19-441B-906D-B45C5E2A01DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "AE8ECE13-617E-48B9-A1CE-F8E7A99FBFEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D822380-B514-4377-8481-33540C442950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "97260119-5BB6-4098-AD24-D85B8DC150FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8BFC6C-FC66-484B-9E6C-B524040090C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0CB6DD-F460-4C12-81C9-4C2B2619A5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7AF1AF7B-6659-4634-B322-D41C2E612A3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "025A3CA4-32F8-492D-8201-B261E8B11953",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "40AD64D7-B604-4B85-9E5B-6FE2C5849502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AC8254E1-EB56-4DA3-8F4E-8757B25B60EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1445458-2520-49FF-B082-99D54A2B442B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "E67326C3-A1F9-4F2B-BF3F-48CB7A3F68D1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE4960B1-22B4-4B3D-955E-684DA520A1A5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "243CC805-613C-470E-B582-B34D606C0067",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "CC7486DE-BC09-43D3-BA2F-0DD3BA5EDA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8A93DB06-29F8-410E-8C36-B05B386AB644",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FE22B9-1DB4-4838-A0B9-DBCBCE3D11D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF247772-C2E6-4966-9DEA-8F52C579C6D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E845D7A-AB83-4D92-A7B6-EF5A3AEFB379",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5A413900-C751-42A3-864C-3BB9D0F24497",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7806B918-B0D6-4F28-A16B-42508F9A358E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "FF443808-FE52-4F40-8EE8-2FEB817E101B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "09F181EA-C7E2-4CFF-84AC-B1208FC315C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "65B1C3D9-6EFC-496D-A032-56867FEC87D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D0E21D9-F786-48C6-BBFC-A38037BE6509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF35587-AB88-47CF-AC6E-A4357A00C7C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D0D0AE34-5311-4014-8418-989829131707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "12F86BCF-0776-4427-88B8-9CCBDD7C8C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DBBB40A-1D31-469A-9453-60B0D26FFE0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A821497C-51CF-4FA5-B305-F73967B98DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "004E0452-C797-4514-A85B-570BE00F7D21",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "6ECB6488-E463-4B2F-A042-77B1EA5F38F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "30CEA593-1AFE-42BD-B9EF-BCB884B76E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "E990D32C-8488-4EEE-A528-FF0AB7A481EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B209B18E-14D0-498D-A440-90308CBDC532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9328205-20BA-4E86-AD7D-E387F4D24643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "410DB7FD-26CE-4CFB-9B0E-D72723EB7B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7AE675AA-9D98-46E0-8F28-6DB19E15A319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E75BFD2B-9596-45A3-9FFA-95EA467A68DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "22AD1216-C14C-4900-ACAF-082FA588A2C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "C3A630A1-0490-448E-A224-83F5F711A10A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2E373BBB-28DD-4C6D-AF44-D8E1F03123A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "649A1967-61D3-460D-B69A-C04FF45C3B1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F368949-6CA0-4E08-88BE-4EE65FC426C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5809CA01-CF32-4E3A-A771-01D5065F0061",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "E916637C-7951-4B97-8D09-8AD5819805D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "7472F127-BFF3-401A-957D-27A115768BBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB5E611-1A60-4905-9D7C-0D0ACA16D00A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "207D658F-8EEE-4225-8B99-98A6D9097DFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "120A1C31-0997-4E3B-9EB6-24545D54D282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A0C5B601-0F05-463E-A6AD-499CFE0D898C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF1790DF-DFE0-4542-A6B9-E6D7FDBF4B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4855D3B0-0A9F-4282-8F2C-BB8FFFB274F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BC3FCE3-A00B-431E-86CA-669BD878CC0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7731918E-CBE1-4A06-A5F4-E917AA6F4BFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8654298-8F59-4C7E-8CE0-158362691746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E5E4EBF3-3DFC-44C6-A596-3F3CED7D6AA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ECFB53DC-8F34-4380-A800-1CAB05459F4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C26AEE8D-64C9-4010-ABFB-6A624C4C85D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B4FA7637-F229-4331-9E20-5261A715D5C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "718B5D68-CAB7-46B3-92DB-F82EEAAD5AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "023F69F8-B004-40CE-8CC5-B9DA48041D67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FD479DBD-5567-4E2A-BA3E-88C54B36557E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "884DE708-ADEC-4C67-BABA-5589C498D6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE984CA-2356-4926-88EB-966A51A7E190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "68A83E84-E46F-494A-B5DC-0AE5990F345B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B79DE0-01EA-41DD-AE61-1954E21FB3D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7183A8A5-E2F8-4B8B-9473-BDE00701504A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "6B2FC572-4BBE-49C2-8747-6B05D9D71611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "54FD0FE5-7B58-4C72-8806-C7C12DD157E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C627B8E5-7DD1-41FE-B100-B299EDEA9D04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "97787F93-231B-407D-B8B5-AD4D441A88B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "929BCBCC-FD70-4FCB-8464-DF4EA54C62DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FC4542F5-CEF6-4315-8488-DC853F9F04EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B8B602B-F136-4188-BFAA-40F4F7009CB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "98E3BC9C-29EC-47AD-ABAF-61182DD3679C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C05A7CA6-AD58-45D7-AF32-129E22855D8E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "319155EB-2E83-4E3B-9344-CFE8F87FFFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "CABCEB46-40BE-41AE-9309-7EDBB1864021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69A356A6-8DF1-451C-B340-D616917CB6E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7BA43F41-FEC3-4554-AA51-952C7495F76E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "C0586121-D5FA-487A-AC4A-A9FA7CB3D5A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D4490F-BC70-42A6-992E-561E79BB4F88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03A8BE52-45F9-45BF-BFD6-5D60ACDA44D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D721451-E61F-4506-8074-879482CEC6C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "2E4F2BD7-4FAC-41F8-9F0D-7AA960DAB8DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C247537A-0143-4C84-B286-E504C3D597DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EE85AB6-5359-44BF-8135-0C1C3E112FE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA349972-CFD3-4D73-991F-D40EC0114DB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8ECD88-DC55-41FA-9168-D4D18C5C95EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "294AB20C-68FE-4760-9426-679D35564B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FC08E877-0E50-4F6C-AD10-00D404D05ED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "E09BA73B-2F17-412F-8F13-0823B3E0F4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "580BEE07-3842-4B93-A593-9EDA5654E97F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08CCBCF8-34A5-438C-9D47-5430CE7B9231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB5F276-E28E-458C-B574-04B80B836257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "E76A0966-0B20-4874-AAD4-F9882C4740AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "60D5E553-E050-4EEF-A937-EF823FF5C1B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA1FD438-0B82-4AE2-82F0-F66C10387114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5265784-E97D-4DC2-83A2-3030BA269ED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "8FC0DAA5-EA0D-44BC-B092-7D7B0DEAE300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "77F4BF12-3267-4FF0-90EC-97A749BC5DAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "58F947BD-5B1F-424F-82D4-4FA0ECFED656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "206107B9-A75E-4025-AD08-1C67A79BBCDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "A58A59BA-F531-41B9-BAFA-085EE678B6B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9FA370-9A6F-43FF-8F81-9FA1E20F570B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "4DFB76AE-13DE-4A28-984D-48203A1CC943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "B94AE3B1-D11D-4606-A90D-8794F1C08F0F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*",
"matchCriteriaId": "864B486C-71F6-4EFD-8F04-BA7FC18DFD5B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "DAC12C96-4052-47D4-B9C4-6F9E964D503C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "B41C0F3B-E3EA-44E3-8AC4-243518BF2E41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CABDE7D0-114F-40BA-BE3D-2548321DCCE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43E0AAD1-BE95-464A-A011-8DD8391B7635",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CA4D75E-7788-4A82-81FC-B0DC74DDB387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7D95B5F-2263-4990-BA8F-F8F42C10C436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D8E15DD-CE4D-4D24-A840-5D39BF3DCA48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F61EA433-3B1D-4EAC-898F-F2BC392E5C54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "A134FEAB-59CA-407C-99F3-3B7BC5AE007E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12AFDD04-CBEA-42FC-AC76-E7578E9D1AE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "265975A3-D905-430A-B37E-FFBF04320605",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2CD131A-AF4F-4993-A296-86FB96C5CF5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DCB81153-7067-4894-8733-FF4942D5BEB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8601FEC0-0178-4B5B-930A-72E377A69107",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD56D3CA-5825-4AF7-AAD0-C9AB832E3943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9CE69435-8F8C-43A2-B293-140A9F40167C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3F9C58A5-C9B9-4A18-A9E1-651ECACD68E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "49E0C17E-91DF-4AC5-92D3-4C306BE8F47B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "77594E0C-E791-4F73-BC6D-00106F7E8B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "1E047EE7-5717-49D0-A517-8FE3E4D7BB77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0B8F67-E5CD-4046-8AE4-9DA435967FEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6261EC02-0290-4CE1-8E7B-14449725136A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FCEB42E3-B3CE-4FAF-9BC3-F4230A6A8082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "BCD446B0-0B80-4E01-880E-91CB9E1D82D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE5C8D7-3BE3-4BAF-969D-054C3ACD88C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5E5C60C9-3B91-4C08-B204-FB276466FCBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CDF0AA53-FB70-4D1E-8239-ED6BEEBD92C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "F780C93B-296B-47DC-ADAD-3964F559C036",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6CEB43-EF96-44D2-8E42-155955BFEF4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC9A9AB-D2E8-4743-A1F4-D6E351412933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA2EF10-1A1E-4FB2-A00E-3570E53EF559",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6592E7FE-346E-4923-97C2-F5298DC802A3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2D7396-22AB-4E8D-817A-76AA1D8ED48C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "9AA4B443-32F2-483B-969D-9A90DEF37406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06A810B6-0650-48CC-89F3-6F732420D93A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "31CCCD48-AF6A-466D-87E1-266820123DA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0F4F712E-A1EF-479E-BD1C-9F35C37F9526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BFC4715-CC63-4827-AEC7-2440A641C6CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3412CB-A737-4FC5-9C54-8DF5586C719A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EF303D3-879D-430B-9D90-DAA79C3FC78A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F164260A-63DE-4DAD-8DFD-3396ED3D7949",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0A2B00-68AE-4A78-AA00-11E6A1F12A35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "86B3695D-2613-4E92-BA29-3E341CF2DE7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "A91DFD5B-FEAB-4894-8799-A755CE06BCFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC16B50-50C5-4868-BFD9-F0BB3D3C91CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8CA3369-438C-4FCE-8766-CE9540383934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "048E8797-DAC8-41D8-985F-FE5A83A8A961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8DC25D-67FE-40AE-BA38-A0FA3FA9A503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "578F74E7-8234-42EF-8211-C3857227EDBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1D603C7E-E740-45DB-999F-83D25F51A8FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "4A9F3F64-E30E-4BBC-862B-427D8D465624",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "B24EA7FE-E7C0-47BE-B02D-7E8B840D14A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "53CDF5E7-E5F2-4EC6-B4D5-513905B87CBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4D6CBEF6-000D-409A-A4E9-6D650AA5257C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5F74C833-16ED-4E26-BDAC-8B5DBCD0055A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B5429B-BEC9-44D7-BF72-028B5272FB4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45E16BCC-A22C-43FA-AA82-19BB8F0AE16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1E94B4F8-2D71-4C67-AE1F-42D9B441F55E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "297DD17F-C172-4681-A7D0-B73C73036C44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "71AB1DB1-B2D4-4ED2-B070-6C1DB03AB88C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A9048DAF-D539-4187-975E-64C7461FEC75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BDA1C93-1D77-4EA5-9ECB-DA6FEB6BA6E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "F46C1053-BE8B-4117-A084-7AC8940F359D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "D3DA7CE7-C894-41C6-BB20-FF6C4179EADE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "73490566-91DE-4B31-A159-D24D7ACF2973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "35C19765-7AC9-49E9-9057-85895D22F827",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "15782A3F-1D76-440E-99C5-BB992E473A66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "451B569C-0670-44D4-8C6F-3361755B0EF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE3C285-8584-45D9-83A6-525D6D8B3073",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5F8B2B-1EB3-4C27-9485-3562B66A85F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "16CD80E9-D861-4E16-A194-875E4B9507A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "68DB276A-4B6E-47F8-9030-5D740F6E0766",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4363B65A-9D50-4353-B8B8-ECF2CC1618B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4782D308-FF62-4ECD-B8B0-FD13CFA241A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "701C3763-F0FA-412D-9908-73B1DBE07794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2912370-6F61-4BC6-B939-CF6616997C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "678E05C2-7BB7-4EF4-B3D5-90BCEA2E32DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E15F943A-3492-4480-9AF3-1ED4E9BCC7C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "12DF1455-6F97-4DD0-92FA-31F13C7E5B27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAC1711-74B9-415C-A530-2400F22F0701",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11A4A14C-2AD8-4B5B-8E86-C59246B360F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "950A77AB-4CB1-4255-8832-3F6D7D220AA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "B80DBBBB-7DCA-4032-899D-FCEB3DC4FBF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "9CC528E3-FC10-4364-85AC-A4168A6AA2BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC10F2B-1965-4826-A82F-2A46C04511C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D824A2EE-D0FC-432B-AB48-F6A4756897DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "6AB3729C-3B70-4D29-A0BA-8EF856307688",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F8384E-A69C-4B42-AF15-A3B69067A150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E11E46B2-9D47-4178-B0A4-C9B8B2AEFF24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "418D5591-6D9B-49DF-80D5-4B9BD8D63619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "D8D53052-659C-439A-B857-AC773378F6B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "319D55B7-75AF-4F7C-9CBD-CE3CCC426E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6D6353-733E-46A0-B68D-E023BE05F85F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "D30380D4-3A23-4788-A970-43E4D2E6E8A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "F03DD6CC-F7E9-4F85-8B59-FF29AC39143F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "5323790B-7D01-43C2-9F2E-0EA461696E2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "711D5019-EB05-4DAF-BF72-36E17206685A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA81344-8D42-4226-A572-B0A90F564618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "8ED50204-80C3-4F38-9713-DEB8B0CBE112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E1564453-362A-475C-811E-65CA3907D568",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E242292E-6874-4CFD-A573-AC3EDFB45746",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "A44D6295-256B-4503-8707-83E6B681C24F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "07047B9E-2F94-4518-BBEC-86E6AC51ADC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "920B9D68-4CC1-4980-9A3C-07C6C90C2011",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6DE550A4-9412-4ADC-BA6F-950AD4F72B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "37664783-263B-4EA8-AD01-67B96BFFF553",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF17F64F-F378-4B4A-9C8E-AC44BE0B05F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1FFE9D23-4798-42BE-8D85-8ABE65C862DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE12502-8DB9-4C1A-8BF2-2AA2877A5BDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6E6DB5-F415-402E-A296-C49FCF33883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2809B892-17B1-4A0A-9E15-1725A8E6997D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C2EB1C5-2D36-4A6D-8F92-223F46CBD056",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "23C6474E-4F9D-48ED-A03F-DB087BAE0B64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "1C294B37-610D-4B5C-8ABB-F90129B7BE70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA3F04CF-F9CB-4830-ACEF-FFDA432C627F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C81514B-DA75-4906-A70A-543645975B24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0B4EE2EF-AEBE-4B44-830C-C6C104782152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "634D85D7-CA54-4121-8109-E8EDC35A41EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E43CE640-9139-4910-845F-D61B03E3BCB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "90F0B54D-EA6C-4137-A344-7B85CA3E0A83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0272102B-CC8F-4519-A199-8FCC4BEEE9E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "549F3BBF-2DB0-4C74-9A9F-6FB5382E5189",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "912231AA-C393-4975-8989-652F5F793685",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "82249A4D-4640-4D25-A69A-F5F2612665F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "56425029-060F-4220-8716-417B8D8F9845",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "5F449238-0BD2-422D-AFA6-9443E6C4A8C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "3CEE1353-D87B-4CD3-AFD4-82BC5423D91B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F889562-3DD3-443A-8590-50BF86AA4F76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69DDB246-F153-45AD-BE18-AF7636774D05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "02F84C06-CE22-4F0C-B808-FB04BCCA54C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FC501BB9-D464-4955-B70E-0B2A7A33C9BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "25558840-42E0-466C-B7CB-A7B9B20B15EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "10942B52-81ED-46F8-A2BD-2BD37A9117BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4FA6BD-B1C0-453E-BDAE-735CD915A2A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8826F8C0-2056-4144-993E-96517F83B9CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "059EC856-BA67-437C-BE1A-0F161C402EA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB4FB0F0-08E0-4017-9EDD-04D85A3C9544",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1409B505-E7EB-4FCB-825D-68FCA2A33579",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA7AEF19-A419-42A8-916B-62A09F3FB16E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "91D3F598-B3B3-4B6C-8EFD-2F8B71386A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "DBCBE62D-1BDD-48EC-9BD5-ABE505C21668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "80191538-8561-4A6B-8E61-12C7C0E56A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C4B2C94-562D-4095-9C30-D0607AB73274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A9D1167-C959-4BE9-BC3A-6F5B2B02D0B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6ECC98-63F7-44D7-B1F1-A5BAF06C765B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB291B1-D3AF-4847-B1C3-42C393B5144E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4620A953-1FBA-4493-99C8-D7EA33684677",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6BCA71C3-A320-4AC3-A076-573B3E76217B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "45F69715-462F-46E6-A43D-78E55E85D49C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A0E4A4-491A-41CA-9AA9-A250F9FD5928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "60420060-F3E9-4267-8298-AD27F83753DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3165D2DB-0D52-4CE0-B068-2FC29C2D910E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "545E3FBA-A50F-4464-9522-2A122F6024E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F2C175B-8477-455D-A3F4-F1BBA93ED1E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "2DE7287B-ABED-4F89-99C9-B379A8B3AFC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "63044AC4-E62D-441E-BCFE-16BD2BF958E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "925B4CDD-D482-442E-A092-0593F7E8BC86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "05335BA3-C452-42A5-8494-1A0815F94003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8032D5B8-8A2F-42F0-BA5B-389297AD1BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "927B3871-9E88-4C1A-A0E8-035AB5114FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0350E26B-3410-46CB-9FA5-D97BE4453A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "199F9108-3831-4E6D-8163-F9E91DED3EB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAA02306-07BA-45C3-9390-7F2595C1A44B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98AF51-57CC-4613-BC16-039602548F57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C57350A-E295-4140-B67F-B9CDA6BC5C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9CFF0D9B-A151-45A8-8410-F242FCA0F776",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "95146F05-4807-414F-A650-09751DF44770",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "284DFB55-8FAD-4586-B91C-68C94B2689A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1EC232-6DF6-467A-8264-249899B93692",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D39942C-A7A6-45FA-AAD9-5373DBBC2713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B22FA4A8-D59F-4E5E-A7F1-73AA9D15326F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "992CAE24-643E-4CD1-A2CA-44664C1DCDCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7CE092C1-6DE4-4C0A-9120-3E67A48878B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D3CA5CA-069B-4A09-9118-9ABE3D06AF5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "D715A726-527F-4ABC-BBA3-116E6B0DC65F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "15CD8AFF-4ADD-4105-B719-604A2050C4D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "DA097C40-F063-409A-B355-4721EAD12DA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C62E6970-DEF3-4A8E-BDB1-3A297C42736D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8A05054E-1743-46B0-BA2A-50E0DF42544A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "783F63E0-3BB0-4770-AB01-A4A1127A4FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B11A2C76-28EB-405F-9C03-B71C92C3ED23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "667C9C62-4E06-4420-A04C-0566D18FD0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "528FDCE1-E110-46BA-82C5-BF9F92CBF3B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "93CCEA69-D71F-4620-A59D-96DE286EDA78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "05BCA2FB-FE1F-427A-983D-EAE585BF7C3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5E95D0-E4EA-4E8D-ADF7-B8E3654E3AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7986EA2-5C2D-44F7-99F7-2F3EE0F1557D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_conference_phone_8831:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71D931AB-034B-4061-9156-039010ECB648",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "44840ADC-C771-411D-BC4B-4D885F483C73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "75A0A159-1F94-4767-9BFC-43CDF9FB5213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C41A449C-F8B7-461C-B7DA-9A240C157A07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AEF4B3AF-D0E8-42D8-8586-742C870D371C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "71DAB4BC-C020-4C03-891A-D7450B786598",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "31D3046B-8C6C-44FB-A231-AEEA9168B54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "603B3EB7-5E27-4E65-87A1-91E94AE088B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4743476E-B76F-4AC5-A5AF-4E49B2D3C2E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3460D6-D43E-436F-B01A-FFDFABB46830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9ECBE27D-A7FB-4F3B-A19E-3DA2D99BEF34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7CFD51-3F85-44AE-888C-4F8372E45D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F18B906D-F88D-42F7-8BA1-145EDB2401AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2F3CAC-10F6-4D64-90C9-E46DD672F2AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "350D9A32-911E-49E6-915E-9210A5560150",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F58F39B0-E8E3-4AE0-960F-C6C28D92C505",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A3783B1-AFAD-46C8-939E-53AD6234AFAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9325345E-8FB3-4360-83BB-FEFA2904DD3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA9B687-BE83-4597-AC7E-A2E0FE705415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "5AE24180-48E8-4B95-B6E8-EF3C900D87D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "B0CB76DA-9077-4D6B-B555-60F695511743",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "3B9BAB23-FAF3-47F9-952D-207211A7C115",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "70F8D873-703A-43C9-9EFE-CA57A795046B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C772D6D9-F6B4-4A32-B49E-F2C10404A384",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "05645278-6903-4C42-B1F4-116615976113",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "01E1B2D4-06E2-4584-BF76-7F6FAA21F06D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0218B816-6FA1-4BE0-BC6E-277C17A5DB67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5726EB4-B1B6-4DF9-9263-D8B5742CEBCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "E345118F-4326-4A07-BF68-E59407589AF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E4087699-0424-4C5B-83F9-399E2781381A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "60C056BA-9EF4-4D89-A7EE-96A8A0592266",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "B25E6A71-08F9-477C-B313-235CE19935D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1010D16-DC6E-47A6-8BF9-C1026D975E3D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "F1B4FFE4-C7E2-4224-81AA-CE310D6F5B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF5AFA3-DA14-41A9-8969-EC08578A7B5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0477E171-F551-4C6D-ACDD-9F73F236A26C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "051C4B11-1134-4593-9C06-A4F7F2086D31",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0066BE4B-A511-4BC6-8208-B9C102C1D3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9B3DE1C-20A0-4FC2-8E9B-19FEB6170BF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "664E161A-1639-46D0-B624-E82B94F6F3AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "649BEEA8-7C75-4D54-B9F7-B7109C491CED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "2293C16C-4253-47DC-8B34-BCB6D5345D69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D6BDAEE-9392-4572-A3B6-289B7C7E8DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6187843-9D97-49FA-A324-98A826427160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A87A43-8FD6-41A4-8401-4436CCA82509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "97330FB4-0A61-44EB-A4E2-44CE8A0BE152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "572569A3-2B98-4C99-B881-536E5BCAA92E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D41E9AE-DE06-4C37-BB2B-63D324E1E19B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "105A04F5-8225-497B-BA54-9C833348B2C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "16FCCD31-EC94-48B7-B891-6C9B6A4D3E59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CEA972AB-B368-4D07-AFDD-0BEC951FD759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "11D76A00-20A1-4EF6-8250-A65EE320102D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "6A81EE63-1E69-4361-8196-8360B7CC4AB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "919074CD-DEB5-45BC-9069-FC38934FD3A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F9D6A89A-AC97-4261-8A9D-AA629927078A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5B6D6D-5AD3-4D42-99D0-77CFA898B01A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C8D6DF2-DBE3-4D46-A047-54AFDAB0F6F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5E4DDA-E4C8-4161-A3D9-CB1473FAA918",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "AD8D45B2-5FB0-42FB-9724-B8F036D3EA56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A4ADDCF0-6D19-45B0-9C5F-DE8D6D210F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "73DA8441-972F-48D9-8155-0532438B7504",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF826B4-1829-423D-AB48-9A19B0F2F304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "325EB932-6054-4B55-BA14-8A704E26BA6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "271A5A6C-B5CC-447D-AF06-64592BA186F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8800_key_expansion_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CDF3D2A-D68A-4B0B-B16F-9B137FE2E1C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9BAFC5-C637-4E1F-A2FC-73EDD24708F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC2AF6D-8C20-43C9-ABC1-A1B33B2DDD6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F038B43-4F5D-4A5F-9C4E-7F0DFABB7AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "10D0168D-2E5D-4EC3-9026-E2B00DC2057C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B68874B5-4985-4A55-A49E-E73C53B3CB73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "340E76AE-9AF2-4AE4-945C-BBD6FEA0C4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "723573C1-35C3-43CC-8FE6-01B8686192D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "619BD39F-10FC-43D1-A862-456586C3A430",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F045224E-23BC-46BF-91BB-E12B286E3334",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "674AACDC-48EE-4A29-8871-952D508F9F34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B929BC34-3B5B-445F-9C95-B84E65490CF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9566B3B3-3B42-4750-9B2A-4F84D918982E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CFD4BC35-E46F-4E87-8710-5807D8923394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "489726C9-307A-49E0-9B9F-A26A9D3BA5E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A98DA9-E72D-4F15-B008-C1A40518D83B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B8FFDF6D-DB3E-44FF-8C9B-0D8548AE8804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "80E92704-41D9-4802-BEF2-607DD2635854",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5F02588C-C56D-4951-9949-CE62A151A5F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "BB74D839-CFB2-4D28-8445-0151C6B14D03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "B019D8C7-6B34-4A15-86BE-260B80EC89A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "69C612BF-029B-4873-AE41-C107309D189D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB08A151-98D4-42F8-B14B-E0C2847EBD30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0760E92B-16B7-4177-BD1F-5A22EA1CFDDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "715B53F0-099D-45C0-ABF3-91028C2AEA69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "436BC808-6B54-4387-9575-42F80E2A925A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4BC1BAB7-9825-4A91-9441-EC13D55DB648",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB25358B-589D-43DD-A20A-9C4193140A8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "31FB0596-C9E0-42D5-AB6D-B8B82A1EEE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "88058E00-C3D9-464E-A226-3B97BBCF9E62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E87B6F7-0753-40F9-8E2B-858D626B3E06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "511B3B6E-528A-4D84-B0DA-13EEF484CC4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "3C296AAB-FC65-46D8-94D4-BB728C419FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "B778707D-02EE-4FC1-8406-CA79039A602D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6DCB1EF2-67A1-4159-8FC5-8A155061CEE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E67F17E2-B5CD-40D5-BDB6-122AC9B3E4E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EC84E9F-53F0-43EE-BB11-66FF0C01A392",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ECBEC8C6-8617-4745-8847-E676E634A37E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E7735FC0-FE8A-49FE-AD35-4A15514B2E1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "35ECAFB3-E81D-4B72-8A9F-926D4E30B2FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0384CB13-ACA2-4219-B61A-CE472AEC42A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "762D42CE-E175-4099-99D9-C27DF4DDC96D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78565A2-2F03-43EC-A290-BDE534DC7142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC50185-33A4-45A0-8FCA-DEB9EDEADED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F397C5C0-8DA9-41C9-8531-821F098AD203",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E5F2E80-52C5-431E-803E-9D91D4A48549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F890F47E-575C-47C1-9658-95A0CF6C35DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "5981CF41-2548-4323-AEE0-B1E827F346DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A67BB3-DFFC-4117-B01E-96F04D90F44E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "551BCF57-8461-4EB9-864A-94D306CC748C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "0C804C84-5E61-4445-B7B5-435BD367836A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "1A6C776A-B236-48C2-8F55-C8CC0E0B3621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "A4B584F0-5381-407A-B087-1143BED263AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BF6CEF1D-8ACB-460D-89C2-B259CBBB4A50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9B9AA167-B21A-47EA-BA0A-C690548A0D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B261AAC-212F-4924-AEAB-088254B2A943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "841F097C-A61C-4954-9081-5F81F8AC71AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "657CF7A8-A81D-4F07-BD15-4AA056ED564C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CC3D3F94-718B-40A5-8029-1F9401B1DD3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE2F35E-AF83-47E3-8135-49DA4D059C4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DB2FB07B-9EB3-45C0-B647-FF2FDEE7E0E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9FF6B0F-7CD2-4720-831B-9CAB2F0E3CBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1163A0-F4AF-4A5A-9F3D-AB7148210B9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "5E62050E-83EF-4FB9-94B4-4F2F015BF876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "8D1A84BC-B4F9-4C55-9DFE-C6F8D780BC03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7FFEB151-C625-4460-BB36-D0F96AC3ED39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48C2F7ED-64A3-4451-BCA4-129B103C4563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "045AD916-F7BD-47AF-A4F7-65220DD7A6A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0237D11B-5932-4278-85A1-804DC35C1607",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5D214888-2441-41C1-B4CD-E27B7EDEC1BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3ED5C195-CBF4-4FB5-9D5D-7C7089386A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "18BE37E3-529A-4116-BEF5-3CB64A516FC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F33CEEE-9108-40CC-85B8-B0F5EEB66E7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D60C4195-A37B-4F60-9E90-6DD683DC77EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7EAE6495-1E91-45F3-9C77-01C8988E1D53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E037CCA1-F4A3-4ADD-B1FC-C15DE2B1FDCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F9CA9A-1129-4EED-BC24-05C63CF120ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FF1568C6-188E-4E0F-B226-75ACB9AABA91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD63F11-5C36-46F8-9526-C842D114AB48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE7645F-F4A5-444D-BF6F-A3005170E6E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B4FBE26B-1254-464E-A94F-1DDE40DED972",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "7CFC1CEF-54B3-44F5-9A22-6A8C414B19BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "33BB0E64-BA3F-4693-96DF-967EBB4F5D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2779379-8297-4580-A38E-9EFF46E662CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E98D9E04-3F48-4ED0-9740-BB43DF730432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE05035-B3A3-45DA-AA8D-B39AA1051A82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0A8B53C-8C75-42AF-ACEF-C57B93B34A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FEA0573C-190D-4B22-9BBB-A715E02D3A67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "34A30151-4114-4D93-BDE5-5A6DFDFD66E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F1412B71-4295-4C69-82C8-A8FAC4812C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE61C8BC-10AA-4FD3-BCD4-89B519D06CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "D03762E2-C3D1-46AD-A319-4E9D12BF3CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "B13317BC-3BF3-471A-AE5A-B97622B6EB84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9D79ED3-6D47-407A-B22A-6752C9F06168",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "2D7D7C6F-9E65-4C9C-9CAF-2677D3DAB422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "C4FBC2AD-0CC6-4C56-BE96-0A5FBCD9A3EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "75B5C3F4-D573-4FDE-A626-EE7D4449B0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0947C0AD-DBB1-44A9-A4E9-714C030FE48A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7F831E4-7DD8-4840-A797-EC25BA20FC95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B41968BF-F0CF-4D0F-9E28-FF7012507248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "073457DF-0B68-4EB4-B494-D00AD4941E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "EB5C5C7F-E37C-4F74-9C4F-4B510D7675D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF442016-A3A0-4170-B90D-D51065ECF4A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAAE48DF-0CA1-4AED-ADA4-C68193BFD30B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD2086B-C210-4764-B30A-53DE87A7581D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "4585B8D2-209B-4037-BC17-435429A33981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1E9CAC5-F2AF-44F5-8D16-D9ECBAA42023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FA06D8E8-B9D6-4D0E-9835-B9FF748D99BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8DD5E5A9-35F6-49C4-8AF1-76034E7A14C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "29923F8D-10A0-419C-9971-5A6911A785E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "60681C28-C0CC-4530-B8F0-C480D990CF7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9588942C-49B2-4CDE-86BE-351043B8952A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "7868ECBC-3A91-4C9B-B434-A906A3E4933D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F1FFCEE-5733-4FA8-82FA-100CA9356C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "39838207-BFCF-4D50-8F0D-CB1F803713DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "035D8DAD-28C8-4F17-A111-6F3A9ED0F794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1C479BF8-CB2A-4FED-B73E-37E196D7020A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "100B2F4E-52AB-4C95-A498-F264DB882FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA22313-0B4B-4A9D-BDEF-F9E973C26552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9E3AFA22-0827-422B-A000-8AECDC25C4DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "052EC44A-48DA-42BF-8122-4F538273A8A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "20E83CE0-FD4A-4020-A6C2-676EFD5A3AD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "52A82461-6C35-4059-87D3-08CA394F0F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "4699E9BA-AF1B-4821-820C-9DA874BEF387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "16828690-DAAE-4EB8-A9D3-2A49FAAEFA5D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "B4C42B43-CA61-48DD-8478-43592FFA06B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "31AD798B-D1F0-4767-960D-AE1366B09A3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1AECEE3E-AC32-4260-BE9C-289B77870502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A9E3D5-B353-4D95-9A72-41E160759C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3A859DE9-C63D-436A-8C4E-BE1EEE142B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A215146-4551-4451-A386-07855B0D72B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "67E59E08-4822-482A-96F1-02F677B914FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B7562C0-549F-4886-816C-888E2FA30C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8A2029-8EE7-4B79-9B03-5B05CE3FCFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C425B776-A41E-4B0C-AA63-30B64880205D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "CE63C747-7D82-4888-853A-13F5BC6EFFFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "31B41E13-1595-4259-9FB9-294796B82909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "28080BE5-408C-4A1F-A7C2-3088AF52DA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5FCC13A2-DC3A-4EE2-9009-A2B034CC5205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8ACB3B4-9DD1-4FB3-B861-46C5D4338EB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "641D178B-8C9A-4373-8789-FE161DF8739A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AFB1AD40-1B4C-407F-A1B6-99EDF5CD5856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0CAE8C11-F27B-495F-A6A7-775BD020A238",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "59977D01-EE5D-4581-849D-C9C14049FFD8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "E49A4D27-FA03-4C4C-B382-617F6FF3E9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "46E1AF65-4336-4286-AC98-8B9A7ACAF1D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FD49880C-A06E-43DD-9FBE-34F6E53AA05A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D09028-B17E-4702-996D-D20F9A159873",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "46E7C7B9-E3A9-4C8C-B25C-D27017CA0921",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "325F91DB-B2EC-4646-A8E8-564B1190E043",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7970E2B7-9D5B-423C-8AD8-8051C1D0873E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E6C316E6-995D-4EE9-9E89-C6A99D0999FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "292E3DA4-87C6-4FAC-996B-B01BCCC2C149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "794FC736-3712-438C-B208-32C52023CF76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "C644985A-337F-4A2C-8895-CF0CC868A3FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA00562-A4EC-4B41-84D4-827AAE38B8C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8851_key_expansion_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7AB0894B-04B2-4E6D-940F-2CCDABE962C9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "68C3B91E-6440-4F33-8CF4-0A903EC08566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1CAC22-A0CE-4B13-82B6-E12C0A318D1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "080645B2-DBA1-4F6F-B72E-A5383EBE9842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CDB3DBE4-FB2D-4AF2-9964-5BA11ACAE094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3363A0F6-D438-42E4-BB59-DE04D5A23C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9B96B5E6-787C-4AC1-8490-D6B6591A0BEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A8B0C04C-AE09-4EDB-9D19-7F316261E07E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABC5AA9F-7156-4EF5-AFA3-84F9AEE740E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "37D3428D-F68D-4346-9FE5-3042956067A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EF666268-4180-484A-86D2-44DF7F4F8273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DC98996-05DC-479E-ABA8-5F076CF62678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "C96268A7-3251-4455-A95B-07DF5D6D38DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2A9953-BE93-4D3C-9EEC-0547D7F8A390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "72E33F84-55FE-4462-949A-888F0A28A06E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "51E0CC4F-7291-4F85-A2FF-E0CCC24CF3EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C77029-0751-4D8D-B32E-57AE37D018DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6D40D4BB-A6BC-428B-BB9E-BBD9D1560F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1AB93FA3-06C6-4284-BFAF-F0095D67BACF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4D891-6A4C-4B07-86B2-0995038477D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "C128AB7D-D91C-4C9C-9992-A43C131F41D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC595D4-B946-48BC-98C5-38715A5E4719",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3394B29C-1845-41D3-A9AB-46599A2D087D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8DA5D7B9-86AE-42F9-904C-91C7EDFA2792",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "53D54ACA-AB7A-476B-B8BC-3B8B20D80DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "390D943A-C4C7-4412-9714-3EEF97A1EB7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A1A9E67-A782-412D-9479-043F4997D7A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8E10B2-C291-4D38-863A-5E6F16C19128",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "DDC7EEFE-4A03-4510-845E-3ED2369B0C7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7AED7945-34E0-406D-8DB1-90E0EEFC32FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC8F6449-440E-46DE-9D16-70AE472E5A5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E555AFA-9E35-410F-ABEC-651A21F0B044",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8861_key_expansion_module:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF034C01-310E-4B64-B8DC-B6054B0D26DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "24B726C0-D2D9-45FF-8EA9-1F1293BF9302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "EA860D6B-D4B1-43E5-8ADC-F39001E49DDC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C8D8C98-B8CE-421D-96EA-A6F98D3B22AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33AF04F5-439D-4021-8DE6-0BC1ECCB9D29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "70EB545F-5773-4782-A16D-0EB78E63BDAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CE2F7BB8-128C-4DB5-98FD-D2C38FFECF4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D7AB8752-7651-4882-8AFD-464DE6BCA85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6325756-0929-48EB-867B-365E9E261A87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F371DF3-3786-40A6-A270-3B8CACE55D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4939E8F9-D100-44BA-93E4-3D2110B0C45B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "0940A9D7-1ACA-4B7E-9934-2E034464A971",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "3DA1B884-2093-4A45-BC6A-60D35136FDAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "615928B2-F08D-43DA-8F98-0EB9717E86FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "41D85B75-3956-4DB6-84AB-3EC94D9B8319",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "ED1C83C6-9AD9-4DBA-B9D3-8A6866AB147F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "DD8CDF57-621D-4CE0-AE81-CA69648A448E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ACD0F966-FF5B-4922-ABE9-70E04B293D51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19B36C31-FF01-41AE-A287-58743F0EC1B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "34B22E1A-D8CA-4050-8E88-060BB6DEA096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "EE476131-EA5F-451F-B499-CBDBDDBA9509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "ABB71861-BF39-4253-9376-8AA8DA531471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "22B483D7-F410-4AAD-BA82-1556BDE3709A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5038C3F1-AF13-447A-B609-85258A01FFBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A1D0189-6E94-4DB7-8372-39A132136A17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B5D413B0-A268-4FEC-998A-A0A36F632CBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F9317E-DFB8-4C8C-A885-23C655F088A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "46F5F10C-F765-463F-896D-A8453F92FD83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "C47A3B86-E1AA-453C-9651-188070EDFCD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0E852D82-72A8-4785-B048-A14ACEE99ED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "3C5B9999-9921-4FB2-8DCE-6835CAFFC1CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB4F9FB3-6A31-4DF2-B582-B4C115767CDF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
"matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11-3-1mppsr4upg:*:*:*:*:*:*:*",
"matchCriteriaId": "01ED00F8-0BED-4EEB-846F-51422E085F81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11-3-1msr2upg:*:*:*:*:*:*:*",
"matchCriteriaId": "D029FECC-148F-4E90-9F7D-DB7A589AD5A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D7D6BD-9E28-49D4-836D-1A5CAC1F78E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BA1F35-7AF6-46B1-98A1-AE2AD5237707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.0.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "641AF1DA-4942-403D-B4A2-9AF87C176466",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D6A64B-C659-47BE-8B66-5BCADB33D45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BAF5125D-0A04-4EB7-A7AA-1F566D286F17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.1.1_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "842EB3DC-A278-442F-A3A9-45F815AE1D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.1.1_msr2-1:*:*:*:*:*:*:*",
"matchCriteriaId": "AF2D1336-2EF7-4280-A594-EF4647C8DD1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8DAB9B94-5D57-46F8-A522-7CABB0147883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.1.2_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "443D04F5-370D-4812-91CD-ECDEA64AA526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.1.2_msr3-1:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD6B837-5BA1-49E0-BE6B-DC344E05CE52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57D33673-18B6-4D99-970A-BC72DB1E5909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "065D7046-E8EE-43F6-9942-18BC65A088E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86B059BF-F869-4C3D-848A-1CE9B96A3A91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.2.3_msr1-1:*:*:*:*:*:*:*",
"matchCriteriaId": "078CD00D-7CFB-4F2A-96B2-DB111971A0CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF27471D-9C51-40AA-A037-30808A94A400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "32E65419-104F-467D-88CA-8800BAC94187",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.1_msr1-3:*:*:*:*:*:*:*",
"matchCriteriaId": "F68E0B54-0508-4816-88C8-07F54526CCE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.1_msr2-6:*:*:*:*:*:*:*",
"matchCriteriaId": "0871D409-AF8C-40D1-8AEA-A7892791895D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.1_msr3-3:*:*:*:*:*:*:*",
"matchCriteriaId": "B1FA15F7-AE16-4902-BE48-BD1C84DBD82F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "87CCB121-43BD-4A08-8C63-D7F662F6F983",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "19A339A7-4144-4C62-AEF5-7431FA61172B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.3_msr1:*:*:*:*:*:*:*",
"matchCriteriaId": "D4BEC729-829D-4417-98FB-9260D77F3236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE164423-2BBB-46E8-A491-A265302178A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8F932654-D828-478F-8CD2-7789A478C906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7F4AC678-AB74-4EAF-830E-79ABD38E5930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.6sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7DB1393-A655-4B92-BE70-9824E92E66A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7F97F322-FE43-45C6-A2BC-33BC0ACFDD52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.7sr1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA89E75D-674E-449B-AEE5-54CE5B6B4DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:11.3.7sr2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B61A939-4E74-496A-8D33-AE42B4602203",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition."
}
],
"id": "CVE-2023-20221",
"lastModified": "2024-11-21T07:40:55.780",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-16T22:15:11.687",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-20351 (GCVE-0-2025-20351)
Vulnerability from cvelistv5 ā Published: 2025-10-15 16:15 ā Updated: 2025-10-15 17:43
VLAI?
Title
Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI.
This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Session Initiation Protocol (SIP) Software |
Affected:
12.1(1)SR1
Affected: 11.5(1) Affected: 10.3(2) Affected: 10.2(2) Affected: 10.3(1) Affected: 10.3(1)SR4 Affected: 11.0(1) Affected: 10.4(1)SR2 3rd Party Affected: 11.7(1) Affected: 12.1(1) Affected: 11.0(0.7) MPP Affected: 9.3(4) 3rd Party Affected: 12.5(1)SR2 Affected: 10.2(1)SR1 Affected: 9.3(4)SR3 3rd Party Affected: 10.2(1) Affected: 12.5(1) Affected: 10.3(1)SR2 Affected: 11-0-1MSR1-1 Affected: 10.4(1) 3rd Party Affected: 12.5(1)SR1 Affected: 11.5(1)SR1 Affected: 10.1(1)SR2 Affected: 12.0(1)SR2 Affected: 12.6(1) Affected: 10.3(1.11) 3rd Party Affected: 12.0(1) Affected: 12.0(1)SR1 Affected: 9.3(3) Affected: 12.5(1)SR3 Affected: 10.3(1)SR4b Affected: 9.3(4)SR1 3rd Party Affected: 10.3(1)SR5 Affected: 10.1(1.9) Affected: 10.3(1.9) 3rd Party Affected: 9.3(4)SR2 3rd Party Affected: 10.3(1)SR1 Affected: 10.3(1)SR3 Affected: 10.1(1)SR1 Affected: 12.0(1)SR3 Affected: 12.6(1)SR1 Affected: 12.7(1) Affected: 10.3(1)SR6 Affected: 12.8(1) Affected: 12.7(1)SR1 Affected: 11.0(2)SR1 Affected: 11.0(4) Affected: 11.0(2) Affected: 11.0(4)SR3 Affected: 11.0(5) Affected: 11.0(3)SR2 Affected: 11.0(3)SR4 Affected: 11.0(3)SR3 Affected: 11.0(2)SR2 Affected: 11.0(4)SR1 Affected: 11.0(5)SR3 Affected: 11.0(3) Affected: 11.0(5)SR2 Affected: 11.0(3)SR6 Affected: 11.0(5)SR1 Affected: 11.0(4)SR2 Affected: 11.0(3)SR1 Affected: 11.0(3)SR5 Affected: 11.0(6) Affected: 12.8(1)SR1 Affected: 12.8(1)SR2 Affected: 14.0(1) Affected: 14.0(1)SR1 Affected: 11.0(6)SR1 Affected: 10.3(1)SR7 Affected: 14.0(1)SR2 Affected: 14.1(1) Affected: 14.0(1)SR3 Affected: 11.0(6)SR2 Affected: 14.1(1)SR1 Affected: 14.1(1)SR2 Affected: 11.0(6)SR4 Affected: 14.2(1) Affected: 14.2(1)SR1 Affected: 11.0(6)SR5 Affected: 14.1(1)SR3 Affected: 14.2(1)SR2 Affected: 3.1(1) Affected: 3.0(1) Affected: 2.3(1) Affected: 2.3(1)SR1 Affected: 2.2(1) Affected: 2.1(1) Affected: 2.0(1) Affected: 14.2(1)SR3 Affected: 3.1(1)SR1 Affected: 14.3(1) Affected: 3.2(1) Affected: 14.3(1)SR1 Affected: 14.2(1)SR4 Affected: 11.0(6)SR6 Affected: 14.3(1)SR2 Affected: 14.3(1)SR3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T17:41:21.666555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T17:43:25.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Session Initiation Protocol (SIP) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.1(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(1)SR4"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.4(1)SR2 3rd Party"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "11.0(0.7) MPP"
},
{
"status": "affected",
"version": "9.3(4) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR2"
},
{
"status": "affected",
"version": "10.2(1)SR1"
},
{
"status": "affected",
"version": "9.3(4)SR3 3rd Party"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.3(1)SR2"
},
{
"status": "affected",
"version": "11-0-1MSR1-1"
},
{
"status": "affected",
"version": "10.4(1) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)SR1"
},
{
"status": "affected",
"version": "10.1(1)SR2"
},
{
"status": "affected",
"version": "12.0(1)SR2"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "10.3(1.11) 3rd Party"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)SR1"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "12.5(1)SR3"
},
{
"status": "affected",
"version": "10.3(1)SR4b"
},
{
"status": "affected",
"version": "9.3(4)SR1 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR5"
},
{
"status": "affected",
"version": "10.1(1.9)"
},
{
"status": "affected",
"version": "10.3(1.9) 3rd Party"
},
{
"status": "affected",
"version": "9.3(4)SR2 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR3"
},
{
"status": "affected",
"version": "10.1(1)SR1"
},
{
"status": "affected",
"version": "12.0(1)SR3"
},
{
"status": "affected",
"version": "12.6(1)SR1"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "10.3(1)SR6"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.7(1)SR1"
},
{
"status": "affected",
"version": "11.0(2)SR1"
},
{
"status": "affected",
"version": "11.0(4)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "11.0(4)SR3"
},
{
"status": "affected",
"version": "11.0(5)"
},
{
"status": "affected",
"version": "11.0(3)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR4"
},
{
"status": "affected",
"version": "11.0(3)SR3"
},
{
"status": "affected",
"version": "11.0(2)SR2"
},
{
"status": "affected",
"version": "11.0(4)SR1"
},
{
"status": "affected",
"version": "11.0(5)SR3"
},
{
"status": "affected",
"version": "11.0(3)"
},
{
"status": "affected",
"version": "11.0(5)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR6"
},
{
"status": "affected",
"version": "11.0(5)SR1"
},
{
"status": "affected",
"version": "11.0(4)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR1"
},
{
"status": "affected",
"version": "11.0(3)SR5"
},
{
"status": "affected",
"version": "11.0(6)"
},
{
"status": "affected",
"version": "12.8(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR2"
},
{
"status": "affected",
"version": "14.0(1)"
},
{
"status": "affected",
"version": "14.0(1)SR1"
},
{
"status": "affected",
"version": "11.0(6)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR7"
},
{
"status": "affected",
"version": "14.0(1)SR2"
},
{
"status": "affected",
"version": "14.1(1)"
},
{
"status": "affected",
"version": "14.0(1)SR3"
},
{
"status": "affected",
"version": "11.0(6)SR2"
},
{
"status": "affected",
"version": "14.1(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR2"
},
{
"status": "affected",
"version": "11.0(6)SR4"
},
{
"status": "affected",
"version": "14.2(1)"
},
{
"status": "affected",
"version": "14.2(1)SR1"
},
{
"status": "affected",
"version": "11.0(6)SR5"
},
{
"status": "affected",
"version": "14.1(1)SR3"
},
{
"status": "affected",
"version": "14.2(1)SR2"
},
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "2.3(1)"
},
{
"status": "affected",
"version": "2.3(1)SR1"
},
{
"status": "affected",
"version": "2.2(1)"
},
{
"status": "affected",
"version": "2.1(1)"
},
{
"status": "affected",
"version": "2.0(1)"
},
{
"status": "affected",
"version": "14.2(1)SR3"
},
{
"status": "affected",
"version": "3.1(1)SR1"
},
{
"status": "affected",
"version": "14.3(1)"
},
{
"status": "affected",
"version": "3.2(1)"
},
{
"status": "affected",
"version": "14.3(1)SR1"
},
{
"status": "affected",
"version": "14.2(1)SR4"
},
{
"status": "affected",
"version": "11.0(6)SR6"
},
{
"status": "affected",
"version": "14.3(1)SR2"
},
{
"status": "affected",
"version": "14.3(1)SR3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI.\r\n\r\nThis vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T16:15:18.666Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-phone-dos-FPyjLV7A",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A"
}
],
"source": {
"advisory": "cisco-sa-phone-dos-FPyjLV7A",
"defects": [
"CSCwn51683"
],
"discovery": "INTERNAL"
},
"title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20351",
"datePublished": "2025-10-15T16:15:18.666Z",
"dateReserved": "2024-10-10T19:15:13.257Z",
"dateUpdated": "2025-10-15T17:43:25.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20350 (GCVE-0-2025-20350)
Vulnerability from cvelistv5 ā Published: 2025-10-15 16:15 ā Updated: 2025-10-15 17:42
VLAI?
Title
Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Denial of Service Vulnerability
Summary
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
Severity ?
7.5 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Session Initiation Protocol (SIP) Software |
Affected:
12.1(1)SR1
Affected: 11.5(1) Affected: 10.3(2) Affected: 10.2(2) Affected: 10.3(1) Affected: 10.3(1)SR4 Affected: 11.0(1) Affected: 10.4(1)SR2 3rd Party Affected: 11.7(1) Affected: 12.1(1) Affected: 11.0(0.7) MPP Affected: 9.3(4) 3rd Party Affected: 12.5(1)SR2 Affected: 10.2(1)SR1 Affected: 9.3(4)SR3 3rd Party Affected: 10.2(1) Affected: 12.5(1) Affected: 10.3(1)SR2 Affected: 11-0-1MSR1-1 Affected: 10.4(1) 3rd Party Affected: 12.5(1)SR1 Affected: 11.5(1)SR1 Affected: 10.1(1)SR2 Affected: 12.0(1)SR2 Affected: 12.6(1) Affected: 10.3(1.11) 3rd Party Affected: 12.0(1) Affected: 12.0(1)SR1 Affected: 9.3(3) Affected: 12.5(1)SR3 Affected: 10.3(1)SR4b Affected: 9.3(4)SR1 3rd Party Affected: 10.3(1)SR5 Affected: 10.1(1.9) Affected: 10.3(1.9) 3rd Party Affected: 9.3(4)SR2 3rd Party Affected: 10.3(1)SR1 Affected: 10.3(1)SR3 Affected: 10.1(1)SR1 Affected: 12.0(1)SR3 Affected: 12.6(1)SR1 Affected: 12.7(1) Affected: 10.3(1)SR6 Affected: 12.8(1) Affected: 12.7(1)SR1 Affected: 11.0(2)SR1 Affected: 11.0(4) Affected: 11.0(2) Affected: 11.0(4)SR3 Affected: 11.0(5) Affected: 11.0(3)SR2 Affected: 11.0(3)SR4 Affected: 11.0(3)SR3 Affected: 11.0(2)SR2 Affected: 11.0(4)SR1 Affected: 11.0(5)SR3 Affected: 11.0(3) Affected: 11.0(5)SR2 Affected: 11.0(3)SR6 Affected: 11.0(5)SR1 Affected: 11.0(4)SR2 Affected: 11.0(3)SR1 Affected: 11.0(3)SR5 Affected: 11.0(6) Affected: 12.8(1)SR1 Affected: 12.8(1)SR2 Affected: 14.0(1) Affected: 14.0(1)SR1 Affected: 11.0(6)SR1 Affected: 10.3(1)SR7 Affected: 14.0(1)SR2 Affected: 14.1(1) Affected: 14.0(1)SR3 Affected: 11.0(6)SR2 Affected: 14.1(1)SR1 Affected: 14.1(1)SR2 Affected: 11.0(6)SR4 Affected: 14.2(1) Affected: 14.2(1)SR1 Affected: 11.0(6)SR5 Affected: 14.1(1)SR3 Affected: 14.2(1)SR2 Affected: 3.1(1) Affected: 3.0(1) Affected: 2.3(1) Affected: 2.3(1)SR1 Affected: 2.2(1) Affected: 2.1(1) Affected: 2.0(1) Affected: 14.2(1)SR3 Affected: 3.1(1)SR1 Affected: 14.3(1) Affected: 3.2(1) Affected: 14.3(1)SR1 Affected: 14.2(1)SR4 Affected: 11.0(6)SR6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T17:42:26.123690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T17:42:59.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Session Initiation Protocol (SIP) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.1(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(1)SR4"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.4(1)SR2 3rd Party"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "11.0(0.7) MPP"
},
{
"status": "affected",
"version": "9.3(4) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR2"
},
{
"status": "affected",
"version": "10.2(1)SR1"
},
{
"status": "affected",
"version": "9.3(4)SR3 3rd Party"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.3(1)SR2"
},
{
"status": "affected",
"version": "11-0-1MSR1-1"
},
{
"status": "affected",
"version": "10.4(1) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)SR1"
},
{
"status": "affected",
"version": "10.1(1)SR2"
},
{
"status": "affected",
"version": "12.0(1)SR2"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "10.3(1.11) 3rd Party"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)SR1"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "12.5(1)SR3"
},
{
"status": "affected",
"version": "10.3(1)SR4b"
},
{
"status": "affected",
"version": "9.3(4)SR1 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR5"
},
{
"status": "affected",
"version": "10.1(1.9)"
},
{
"status": "affected",
"version": "10.3(1.9) 3rd Party"
},
{
"status": "affected",
"version": "9.3(4)SR2 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR3"
},
{
"status": "affected",
"version": "10.1(1)SR1"
},
{
"status": "affected",
"version": "12.0(1)SR3"
},
{
"status": "affected",
"version": "12.6(1)SR1"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "10.3(1)SR6"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.7(1)SR1"
},
{
"status": "affected",
"version": "11.0(2)SR1"
},
{
"status": "affected",
"version": "11.0(4)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "11.0(4)SR3"
},
{
"status": "affected",
"version": "11.0(5)"
},
{
"status": "affected",
"version": "11.0(3)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR4"
},
{
"status": "affected",
"version": "11.0(3)SR3"
},
{
"status": "affected",
"version": "11.0(2)SR2"
},
{
"status": "affected",
"version": "11.0(4)SR1"
},
{
"status": "affected",
"version": "11.0(5)SR3"
},
{
"status": "affected",
"version": "11.0(3)"
},
{
"status": "affected",
"version": "11.0(5)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR6"
},
{
"status": "affected",
"version": "11.0(5)SR1"
},
{
"status": "affected",
"version": "11.0(4)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR1"
},
{
"status": "affected",
"version": "11.0(3)SR5"
},
{
"status": "affected",
"version": "11.0(6)"
},
{
"status": "affected",
"version": "12.8(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR2"
},
{
"status": "affected",
"version": "14.0(1)"
},
{
"status": "affected",
"version": "14.0(1)SR1"
},
{
"status": "affected",
"version": "11.0(6)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR7"
},
{
"status": "affected",
"version": "14.0(1)SR2"
},
{
"status": "affected",
"version": "14.1(1)"
},
{
"status": "affected",
"version": "14.0(1)SR3"
},
{
"status": "affected",
"version": "11.0(6)SR2"
},
{
"status": "affected",
"version": "14.1(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR2"
},
{
"status": "affected",
"version": "11.0(6)SR4"
},
{
"status": "affected",
"version": "14.2(1)"
},
{
"status": "affected",
"version": "14.2(1)SR1"
},
{
"status": "affected",
"version": "11.0(6)SR5"
},
{
"status": "affected",
"version": "14.1(1)SR3"
},
{
"status": "affected",
"version": "14.2(1)SR2"
},
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "2.3(1)"
},
{
"status": "affected",
"version": "2.3(1)SR1"
},
{
"status": "affected",
"version": "2.2(1)"
},
{
"status": "affected",
"version": "2.1(1)"
},
{
"status": "affected",
"version": "2.0(1)"
},
{
"status": "affected",
"version": "14.2(1)SR3"
},
{
"status": "affected",
"version": "3.1(1)SR1"
},
{
"status": "affected",
"version": "14.3(1)"
},
{
"status": "affected",
"version": "3.2(1)"
},
{
"status": "affected",
"version": "14.3(1)SR1"
},
{
"status": "affected",
"version": "14.2(1)SR4"
},
{
"status": "affected",
"version": "11.0(6)SR6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.\r\nNote: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T16:15:10.244Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-phone-dos-FPyjLV7A",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A"
}
],
"source": {
"advisory": "cisco-sa-phone-dos-FPyjLV7A",
"defects": [
"CSCwn51601"
],
"discovery": "INTERNAL"
},
"title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20350",
"datePublished": "2025-10-15T16:15:10.244Z",
"dateReserved": "2024-10-10T19:15:13.257Z",
"dateUpdated": "2025-10-15T17:42:59.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20335 (GCVE-0-2025-20335)
Vulnerability from cvelistv5 ā Published: 2025-09-03 17:41 ā Updated: 2025-09-03 17:56
VLAI?
Title
Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability
Summary
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.
This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system.
Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.
Severity ?
5.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Session Initiation Protocol (SIP) Software |
Affected:
12.1(1)SR1
Affected: 11.5(1) Affected: 10.3(2) Affected: 10.2(2) Affected: 10.3(1) Affected: 10.3(1)SR4 Affected: 11.0(1) Affected: 10.4(1)SR2 3rd Party Affected: 11.7(1) Affected: 12.1(1) Affected: 11.0(0.7) MPP Affected: 9.3(4) 3rd Party Affected: 12.5(1)SR2 Affected: 10.2(1)SR1 Affected: 9.3(4)SR3 3rd Party Affected: 10.2(1) Affected: 12.5(1) Affected: 10.3(1)SR2 Affected: 11-0-1MSR1-1 Affected: 10.4(1) 3rd Party Affected: 12.5(1)SR1 Affected: 11.5(1)SR1 Affected: 10.1(1)SR2 Affected: 12.0(1)SR2 Affected: 12.6(1) Affected: 10.3(1.11) 3rd Party Affected: 12.0(1) Affected: 12.0(1)SR1 Affected: 9.3(3) Affected: 12.5(1)SR3 Affected: 10.3(1)SR4b Affected: 9.3(4)SR1 3rd Party Affected: 10.3(1)SR5 Affected: 10.1(1.9) Affected: 10.3(1.9) 3rd Party Affected: 9.3(4)SR2 3rd Party Affected: 10.3(1)SR1 Affected: 10.3(1)SR3 Affected: 10.1(1)SR1 Affected: 12.0(1)SR3 Affected: 12.6(1)SR1 Affected: 12.7(1) Affected: 10.3(1)SR6 Affected: 12.8(1) Affected: 12.7(1)SR1 Affected: 11.0(2)SR1 Affected: 11.0(4) Affected: 11.0(2) Affected: 11.0(4)SR3 Affected: 11.0(5) Affected: 11.0(3)SR2 Affected: 11.0(3)SR4 Affected: 11.0(3)SR3 Affected: 11.0(2)SR2 Affected: 11.0(4)SR1 Affected: 11.0(5)SR3 Affected: 11.0(3) Affected: 11.0(5)SR2 Affected: 11.0(3)SR6 Affected: 11.0(5)SR1 Affected: 11.0(4)SR2 Affected: 11.0(3)SR1 Affected: 11.0(3)SR5 Affected: 11.0(6) Affected: 12.8(1)SR1 Affected: 12.8(1)SR2 Affected: 14.0(1) Affected: 14.0(1)SR1 Affected: 11.0(6)SR1 Affected: 10.3(1)SR7 Affected: 14.0(1)SR2 Affected: 14.1(1) Affected: 14.0(1)SR3 Affected: 11.0(6)SR2 Affected: 14.1(1)SR1 Affected: 14.1(1)SR2 Affected: 11.0(6)SR4 Affected: 14.2(1) Affected: 14.2(1)SR1 Affected: 11.0(6)SR5 Affected: 14.1(1)SR3 Affected: 14.2(1)SR2 Affected: 3.1(1) Affected: 3.0(1) Affected: 2.3(1) Affected: 2.3(1)SR1 Affected: 2.2(1) Affected: 2.1(1) Affected: 2.0(1) Affected: 14.2(1)SR3 Affected: 3.1(1)SR1 Affected: 14.3(1) Affected: 3.2(1) Affected: 14.3(1)SR1 Affected: 14.2(1)SR4 Affected: 11.0(6)SR6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T17:56:52.918108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T17:56:55.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Session Initiation Protocol (SIP) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.1(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(1)SR4"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.4(1)SR2 3rd Party"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "11.0(0.7) MPP"
},
{
"status": "affected",
"version": "9.3(4) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR2"
},
{
"status": "affected",
"version": "10.2(1)SR1"
},
{
"status": "affected",
"version": "9.3(4)SR3 3rd Party"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.3(1)SR2"
},
{
"status": "affected",
"version": "11-0-1MSR1-1"
},
{
"status": "affected",
"version": "10.4(1) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)SR1"
},
{
"status": "affected",
"version": "10.1(1)SR2"
},
{
"status": "affected",
"version": "12.0(1)SR2"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "10.3(1.11) 3rd Party"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)SR1"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "12.5(1)SR3"
},
{
"status": "affected",
"version": "10.3(1)SR4b"
},
{
"status": "affected",
"version": "9.3(4)SR1 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR5"
},
{
"status": "affected",
"version": "10.1(1.9)"
},
{
"status": "affected",
"version": "10.3(1.9) 3rd Party"
},
{
"status": "affected",
"version": "9.3(4)SR2 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR3"
},
{
"status": "affected",
"version": "10.1(1)SR1"
},
{
"status": "affected",
"version": "12.0(1)SR3"
},
{
"status": "affected",
"version": "12.6(1)SR1"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "10.3(1)SR6"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.7(1)SR1"
},
{
"status": "affected",
"version": "11.0(2)SR1"
},
{
"status": "affected",
"version": "11.0(4)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "11.0(4)SR3"
},
{
"status": "affected",
"version": "11.0(5)"
},
{
"status": "affected",
"version": "11.0(3)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR4"
},
{
"status": "affected",
"version": "11.0(3)SR3"
},
{
"status": "affected",
"version": "11.0(2)SR2"
},
{
"status": "affected",
"version": "11.0(4)SR1"
},
{
"status": "affected",
"version": "11.0(5)SR3"
},
{
"status": "affected",
"version": "11.0(3)"
},
{
"status": "affected",
"version": "11.0(5)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR6"
},
{
"status": "affected",
"version": "11.0(5)SR1"
},
{
"status": "affected",
"version": "11.0(4)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR1"
},
{
"status": "affected",
"version": "11.0(3)SR5"
},
{
"status": "affected",
"version": "11.0(6)"
},
{
"status": "affected",
"version": "12.8(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR2"
},
{
"status": "affected",
"version": "14.0(1)"
},
{
"status": "affected",
"version": "14.0(1)SR1"
},
{
"status": "affected",
"version": "11.0(6)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR7"
},
{
"status": "affected",
"version": "14.0(1)SR2"
},
{
"status": "affected",
"version": "14.1(1)"
},
{
"status": "affected",
"version": "14.0(1)SR3"
},
{
"status": "affected",
"version": "11.0(6)SR2"
},
{
"status": "affected",
"version": "14.1(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR2"
},
{
"status": "affected",
"version": "11.0(6)SR4"
},
{
"status": "affected",
"version": "14.2(1)"
},
{
"status": "affected",
"version": "14.2(1)SR1"
},
{
"status": "affected",
"version": "11.0(6)SR5"
},
{
"status": "affected",
"version": "14.1(1)SR3"
},
{
"status": "affected",
"version": "14.2(1)SR2"
},
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "2.3(1)"
},
{
"status": "affected",
"version": "2.3(1)SR1"
},
{
"status": "affected",
"version": "2.2(1)"
},
{
"status": "affected",
"version": "2.1(1)"
},
{
"status": "affected",
"version": "2.0(1)"
},
{
"status": "affected",
"version": "14.2(1)SR3"
},
{
"status": "affected",
"version": "3.1(1)SR1"
},
{
"status": "affected",
"version": "14.3(1)"
},
{
"status": "affected",
"version": "3.2(1)"
},
{
"status": "affected",
"version": "14.3(1)SR1"
},
{
"status": "affected",
"version": "14.2(1)SR4"
},
{
"status": "affected",
"version": "11.0(6)SR6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.\r\n\r\nThis vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T17:41:06.201Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-phone-write-g3kcC5Df",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df"
}
],
"source": {
"advisory": "cisco-sa-phone-write-g3kcC5Df",
"defects": [
"CSCwn51679"
],
"discovery": "INTERNAL"
},
"title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20335",
"datePublished": "2025-09-03T17:41:06.201Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-09-03T17:56:55.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20336 (GCVE-0-2025-20336)
Vulnerability from cvelistv5 ā Published: 2025-09-03 17:41 ā Updated: 2025-09-03 17:57
VLAI?
Title
Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Disclosure Vulnerability
Summary
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device.
Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Session Initiation Protocol (SIP) Software |
Affected:
12.1(1)SR1
Affected: 11.5(1) Affected: 10.3(2) Affected: 10.2(2) Affected: 10.3(1) Affected: 10.3(1)SR4 Affected: 11.0(1) Affected: 10.4(1)SR2 3rd Party Affected: 11.7(1) Affected: 12.1(1) Affected: 11.0(0.7) MPP Affected: 9.3(4) 3rd Party Affected: 12.5(1)SR2 Affected: 10.2(1)SR1 Affected: 9.3(4)SR3 3rd Party Affected: 10.2(1) Affected: 12.5(1) Affected: 10.3(1)SR2 Affected: 11-0-1MSR1-1 Affected: 10.4(1) 3rd Party Affected: 12.5(1)SR1 Affected: 11.5(1)SR1 Affected: 10.1(1)SR2 Affected: 12.0(1)SR2 Affected: 12.6(1) Affected: 10.3(1.11) 3rd Party Affected: 12.0(1) Affected: 12.0(1)SR1 Affected: 9.3(3) Affected: 12.5(1)SR3 Affected: 10.3(1)SR4b Affected: 9.3(4)SR1 3rd Party Affected: 10.3(1)SR5 Affected: 10.1(1.9) Affected: 10.3(1.9) 3rd Party Affected: 9.3(4)SR2 3rd Party Affected: 10.3(1)SR1 Affected: 10.3(1)SR3 Affected: 10.1(1)SR1 Affected: 12.0(1)SR3 Affected: 12.6(1)SR1 Affected: 12.7(1) Affected: 10.3(1)SR6 Affected: 12.8(1) Affected: 12.7(1)SR1 Affected: 12.8(1)SR1 Affected: 12.8(1)SR2 Affected: 14.0(1) Affected: 14.0(1)SR1 Affected: 10.3(1)SR7 Affected: 14.0(1)SR2 Affected: 14.1(1) Affected: 14.0(1)SR3 Affected: 14.1(1)SR1 Affected: 14.1(1)SR2 Affected: 14.2(1) Affected: 14.2(1)SR1 Affected: 14.1(1)SR3 Affected: 14.2(1)SR2 Affected: 3.1(1) Affected: 3.0(1) Affected: 2.3(1) Affected: 2.3(1)SR1 Affected: 2.2(1) Affected: 2.1(1) Affected: 2.0(1) Affected: 14.2(1)SR3 Affected: 3.1(1)SR1 Affected: 14.3(1) Affected: 3.2(1) Affected: 14.3(1)SR1 Affected: 14.2(1)SR4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T17:57:26.410747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T17:57:31.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Session Initiation Protocol (SIP) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.1(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(1)SR4"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.4(1)SR2 3rd Party"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "11.0(0.7) MPP"
},
{
"status": "affected",
"version": "9.3(4) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR2"
},
{
"status": "affected",
"version": "10.2(1)SR1"
},
{
"status": "affected",
"version": "9.3(4)SR3 3rd Party"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.3(1)SR2"
},
{
"status": "affected",
"version": "11-0-1MSR1-1"
},
{
"status": "affected",
"version": "10.4(1) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)SR1"
},
{
"status": "affected",
"version": "10.1(1)SR2"
},
{
"status": "affected",
"version": "12.0(1)SR2"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "10.3(1.11) 3rd Party"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)SR1"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "12.5(1)SR3"
},
{
"status": "affected",
"version": "10.3(1)SR4b"
},
{
"status": "affected",
"version": "9.3(4)SR1 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR5"
},
{
"status": "affected",
"version": "10.1(1.9)"
},
{
"status": "affected",
"version": "10.3(1.9) 3rd Party"
},
{
"status": "affected",
"version": "9.3(4)SR2 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR3"
},
{
"status": "affected",
"version": "10.1(1)SR1"
},
{
"status": "affected",
"version": "12.0(1)SR3"
},
{
"status": "affected",
"version": "12.6(1)SR1"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "10.3(1)SR6"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.7(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR2"
},
{
"status": "affected",
"version": "14.0(1)"
},
{
"status": "affected",
"version": "14.0(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR7"
},
{
"status": "affected",
"version": "14.0(1)SR2"
},
{
"status": "affected",
"version": "14.1(1)"
},
{
"status": "affected",
"version": "14.0(1)SR3"
},
{
"status": "affected",
"version": "14.1(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR2"
},
{
"status": "affected",
"version": "14.2(1)"
},
{
"status": "affected",
"version": "14.2(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR3"
},
{
"status": "affected",
"version": "14.2(1)SR2"
},
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "2.3(1)"
},
{
"status": "affected",
"version": "2.3(1)SR1"
},
{
"status": "affected",
"version": "2.2(1)"
},
{
"status": "affected",
"version": "2.1(1)"
},
{
"status": "affected",
"version": "2.0(1)"
},
{
"status": "affected",
"version": "14.2(1)SR3"
},
{
"status": "affected",
"version": "3.1(1)SR1"
},
{
"status": "affected",
"version": "14.3(1)"
},
{
"status": "affected",
"version": "3.2(1)"
},
{
"status": "affected",
"version": "14.3(1)SR1"
},
{
"status": "affected",
"version": "14.2(1)SR4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T17:41:01.463Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-phone-write-g3kcC5Df",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df"
}
],
"source": {
"advisory": "cisco-sa-phone-write-g3kcC5Df",
"defects": [
"CSCwn51677"
],
"discovery": "INTERNAL"
},
"title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20336",
"datePublished": "2025-09-03T17:41:01.463Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-09-03T17:57:31.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20158 (GCVE-0-2025-20158)
Vulnerability from cvelistv5 ā Published: 2025-02-19 16:06 ā Updated: 2025-02-19 16:22
VLAI?
Title
Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability
Summary
A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default.
This vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit this vulnerability by sending a crafted SSH client command to the CLI. A successful exploit could allow the attacker to access sensitive information on the underlying operating system.
Severity ?
4.4 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Session Initiation Protocol (SIP) Software |
Affected:
3.1(1)
Affected: 3.0(1) Affected: 2.3(1) Affected: 2.3(1)SR1 Affected: 2.2(1) Affected: 2.1(1) Affected: 2.0(1) Affected: 3.1(1)SR1 Affected: 3.2(1) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T16:20:34.156069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T16:22:29.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Session Initiation Protocol (SIP) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "2.3(1)"
},
{
"status": "affected",
"version": "2.3(1)SR1"
},
{
"status": "affected",
"version": "2.2(1)"
},
{
"status": "affected",
"version": "2.1(1)"
},
{
"status": "affected",
"version": "2.0(1)"
},
{
"status": "affected",
"version": "3.1(1)SR1"
},
{
"status": "affected",
"version": "3.2(1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit this vulnerability by sending a crafted SSH client command to the CLI. A successful exploit could allow the attacker to access sensitive information on the underlying operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T16:06:00.812Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-phone-info-disc-YyxsWStK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-info-disc-YyxsWStK"
}
],
"source": {
"advisory": "cisco-sa-phone-info-disc-YyxsWStK",
"defects": [
"CSCwn51779"
],
"discovery": "INTERNAL"
},
"title": "Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20158",
"datePublished": "2025-02-19T16:06:00.812Z",
"dateReserved": "2024-10-10T19:15:13.217Z",
"dateUpdated": "2025-02-19T16:22:29.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20445 (GCVE-0-2024-20445)
Vulnerability from cvelistv5 ā Published: 2024-11-06 16:29 ā Updated: 2024-11-06 22:00
VLAI?
Title
Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability
Summary
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.
Note: Web Access is disabled by default.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Session Initiation Protocol (SIP) Software |
Affected:
12.1(1)SR1
Affected: 11.5(1) Affected: 10.3(2) Affected: 10.2(2) Affected: 10.3(1) Affected: 10.3(1)SR4 Affected: 11.0(1) Affected: 10.4(1)SR2 3rd Party Affected: 11.7(1) Affected: 12.1(1) Affected: 11.0(0.7) MPP Affected: 9.3(4) 3rd Party Affected: 12.5(1)SR2 Affected: 10.2(1)SR1 Affected: 9.3(4)SR3 3rd Party Affected: 10.2(1) Affected: 12.5(1) Affected: 10.3(1)SR2 Affected: 11-0-1MSR1-1 Affected: 10.4(1) 3rd Party Affected: 12.5(1)SR1 Affected: 11.5(1)SR1 Affected: 10.1(1)SR2 Affected: 12.0(1)SR2 Affected: 12.6(1) Affected: 10.3(1.11) 3rd Party Affected: 12.0(1) Affected: 12.0(1)SR1 Affected: 9.3(3) Affected: 12.5(1)SR3 Affected: 10.3(1)SR4b Affected: 9.3(4)SR1 3rd Party Affected: 10.3(1)SR5 Affected: 10.1(1.9) Affected: 10.3(1.9) 3rd Party Affected: 9.3(4)SR2 3rd Party Affected: 10.3(1)SR1 Affected: 10.3(1)SR3 Affected: 10.1(1)SR1 Affected: 12.0(1)SR3 Affected: 12.6(1)SR1 Affected: 12.7(1) Affected: 10.3(1)SR6 Affected: 12.8(1) Affected: 12.7(1)SR1 Affected: 12.8(1)SR1 Affected: 12.8(1)SR2 Affected: 14.0(1) Affected: 14.0(1)SR1 Affected: 10.3(1)SR7 Affected: 14.0(1)SR2 Affected: 14.1(1) Affected: 14.0(1)SR3 Affected: 14.1(1)SR1 Affected: 14.1(1)SR2 Affected: 14.2(1) Affected: 14.2(1)SR1 Affected: 14.1(1)SR3 Affected: 14.2(1)SR2 Affected: 3.1(1) Affected: 3.0(1) Affected: 14.2(1)SR3 Affected: 3.1(1)SR1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:sip_ip_phone_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sip_ip_phone_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.1(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(1)SR4"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.4(1)SR2_3rd_Party"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "11.0(0.7)_MPP"
},
{
"status": "affected",
"version": "9.3(4)_3rd_Party"
},
{
"status": "affected",
"version": "12.5(1)SR2"
},
{
"status": "affected",
"version": "10.2(1)SR1"
},
{
"status": "affected",
"version": "9.3(4)SR3_3rd_Party"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.3(1)SR2"
},
{
"status": "affected",
"version": "11-0-1MSR1-1"
},
{
"status": "affected",
"version": "10.4(1)_3rd_Party"
},
{
"status": "affected",
"version": "12.5(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)SR1"
},
{
"status": "affected",
"version": "10.1(1)SR2"
},
{
"status": "affected",
"version": "12.0(1)SR2"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "10.3(1.11)_3rd_Party"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)SR1"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "12.5(1)SR3"
},
{
"status": "affected",
"version": "10.3(1)SR4b"
},
{
"status": "affected",
"version": "9.3(4)SR1_3rd_Party"
},
{
"status": "affected",
"version": "10.3(1)SR5"
},
{
"status": "affected",
"version": "10.1(1.9)"
},
{
"status": "affected",
"version": "10.3(1.9)_3rd_Party"
},
{
"status": "affected",
"version": "9.3(4)SR2_3rd_Party"
},
{
"status": "affected",
"version": "10.3(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR3"
},
{
"status": "affected",
"version": "10.1(1)SR1"
},
{
"status": "affected",
"version": "12.0(1)SR3"
},
{
"status": "affected",
"version": "12.6(1)SR1"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "10.3(1)SR6"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.7(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR2"
},
{
"status": "affected",
"version": "14.0(1)"
},
{
"status": "affected",
"version": "14.0(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR7"
},
{
"status": "affected",
"version": "14.0(1)SR2"
},
{
"status": "affected",
"version": "14.1(1)"
},
{
"status": "affected",
"version": "14.0(1)SR3"
},
{
"status": "affected",
"version": "14.1(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR2"
},
{
"status": "affected",
"version": "14.2(1)"
},
{
"status": "affected",
"version": "14.2(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR3"
},
{
"status": "affected",
"version": "14.2(1)SR2"
},
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "14.2(1)SR3"
},
{
"status": "affected",
"version": "3.1(1)SR1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20445",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T17:23:46.067108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T22:00:02.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Session Initiation Protocol (SIP) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.1(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(1)SR4"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.4(1)SR2 3rd Party"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "11.0(0.7) MPP"
},
{
"status": "affected",
"version": "9.3(4) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR2"
},
{
"status": "affected",
"version": "10.2(1)SR1"
},
{
"status": "affected",
"version": "9.3(4)SR3 3rd Party"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.3(1)SR2"
},
{
"status": "affected",
"version": "11-0-1MSR1-1"
},
{
"status": "affected",
"version": "10.4(1) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)SR1"
},
{
"status": "affected",
"version": "10.1(1)SR2"
},
{
"status": "affected",
"version": "12.0(1)SR2"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "10.3(1.11) 3rd Party"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)SR1"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "12.5(1)SR3"
},
{
"status": "affected",
"version": "10.3(1)SR4b"
},
{
"status": "affected",
"version": "9.3(4)SR1 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR5"
},
{
"status": "affected",
"version": "10.1(1.9)"
},
{
"status": "affected",
"version": "10.3(1.9) 3rd Party"
},
{
"status": "affected",
"version": "9.3(4)SR2 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR3"
},
{
"status": "affected",
"version": "10.1(1)SR1"
},
{
"status": "affected",
"version": "12.0(1)SR3"
},
{
"status": "affected",
"version": "12.6(1)SR1"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "10.3(1)SR6"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.7(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR2"
},
{
"status": "affected",
"version": "14.0(1)"
},
{
"status": "affected",
"version": "14.0(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR7"
},
{
"status": "affected",
"version": "14.0(1)SR2"
},
{
"status": "affected",
"version": "14.1(1)"
},
{
"status": "affected",
"version": "14.0(1)SR3"
},
{
"status": "affected",
"version": "14.1(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR2"
},
{
"status": "affected",
"version": "14.2(1)"
},
{
"status": "affected",
"version": "14.2(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR3"
},
{
"status": "affected",
"version": "14.2(1)SR2"
},
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "14.2(1)SR3"
},
{
"status": "affected",
"version": "3.1(1)SR1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.\r\nNote: Web Access is disabled by default."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:29:06.293Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-phone-infodisc-sbyqQVbG",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG"
}
],
"source": {
"advisory": "cisco-sa-phone-infodisc-sbyqQVbG",
"defects": [
"CSCwk25862"
],
"discovery": "EXTERNAL"
},
"title": "Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20445",
"datePublished": "2024-11-06T16:29:06.293Z",
"dateReserved": "2023-11-08T15:08:07.678Z",
"dateUpdated": "2024-11-06T22:00:02.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20376 (GCVE-0-2024-20376)
Vulnerability from cvelistv5 ā Published: 2024-05-01 16:43 ā Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
Severity ?
7.5 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco IP Phones with Multiplatform Firmware |
Affected:
11.3.1 MSR2-6
Affected: 11.3.1 MSR3-3 Affected: 11.3.2 Affected: 11.3.3 Affected: 11.3.1 MSR4-1 Affected: 11.3.4 Affected: 11.3.5 Affected: 11.3.3 MSR2 Affected: 11.3.3 MSR1 Affected: 11.3.6 Affected: 11-3-1MPPSR4UPG Affected: 11.3.7 Affected: 11-3-1MSR2UPG Affected: 11.3.6SR1 Affected: 11.3.7SR1 Affected: 11.3.7SR2 Affected: 11.0.0 Affected: 11.0.1 Affected: 11.0.1 MSR1-1 Affected: 11.0.2 Affected: 11.1.1 Affected: 11.1.1 MSR1-1 Affected: 11.1.1 MSR2-1 Affected: 11.1.2 Affected: 11.1.2 MSR1-1 Affected: 11.1.2 MSR3-1 Affected: 11.2.1 Affected: 11.2.2 Affected: 11.2.3 Affected: 11.2.3 MSR1-1 Affected: 11.2.4 Affected: 11.3.1 Affected: 11.3.1 MSR1-3 Affected: 4.5 Affected: 4.6 MSR1 Affected: 4.7.1 Affected: 4.8.1 Affected: 4.8.1 SR1 Affected: 5.0.1 Affected: 12.0.1 Affected: 12.0.2 Affected: 12.0.3 Affected: 12.0.3SR1 Affected: 12.0.4 Affected: 5.1.1 Affected: 5.1.2 Affected: 5.1(2)SR1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6871_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6821_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6851_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7821_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6861_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6825_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6841_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7811_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7841_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7861_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_8800_series_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "video_phone_8875_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T20:50:33.825806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:47:10.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IP Phones with Multiplatform Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.3.1 MSR2-6"
},
{
"status": "affected",
"version": "11.3.1 MSR3-3"
},
{
"status": "affected",
"version": "11.3.2"
},
{
"status": "affected",
"version": "11.3.3"
},
{
"status": "affected",
"version": "11.3.1 MSR4-1"
},
{
"status": "affected",
"version": "11.3.4"
},
{
"status": "affected",
"version": "11.3.5"
},
{
"status": "affected",
"version": "11.3.3 MSR2"
},
{
"status": "affected",
"version": "11.3.3 MSR1"
},
{
"status": "affected",
"version": "11.3.6"
},
{
"status": "affected",
"version": "11-3-1MPPSR4UPG"
},
{
"status": "affected",
"version": "11.3.7"
},
{
"status": "affected",
"version": "11-3-1MSR2UPG"
},
{
"status": "affected",
"version": "11.3.6SR1"
},
{
"status": "affected",
"version": "11.3.7SR1"
},
{
"status": "affected",
"version": "11.3.7SR2"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.1 MSR1-1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.1.1"
},
{
"status": "affected",
"version": "11.1.1 MSR1-1"
},
{
"status": "affected",
"version": "11.1.1 MSR2-1"
},
{
"status": "affected",
"version": "11.1.2"
},
{
"status": "affected",
"version": "11.1.2 MSR1-1"
},
{
"status": "affected",
"version": "11.1.2 MSR3-1"
},
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "11.2.2"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.3 MSR1-1"
},
{
"status": "affected",
"version": "11.2.4"
},
{
"status": "affected",
"version": "11.3.1"
},
{
"status": "affected",
"version": "11.3.1 MSR1-3"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6 MSR1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.1 SR1"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.3"
},
{
"status": "affected",
"version": "12.0.3SR1"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.1(2)SR1"
}
]
},
{
"product": "Cisco PhoneOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T16:43:15.553Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"source": {
"advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"defects": [
"CSCwi64103",
"CSCwi64077"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20376",
"datePublished": "2024-05-01T16:43:15.553Z",
"dateReserved": "2023-11-08T15:08:07.655Z",
"dateUpdated": "2024-08-01T21:59:42.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20357 (GCVE-0-2024-20357)
Vulnerability from cvelistv5 ā Published: 2024-05-01 16:36 ā Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device.
This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.
Severity ?
5.9 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco IP Phones with Multiplatform Firmware |
Affected:
11.3.1 MSR2-6
Affected: 11.3.1 MSR3-3 Affected: 11.3.2 Affected: 11.3.3 Affected: 11.3.1 MSR4-1 Affected: 11.3.4 Affected: 11.3.5 Affected: 11.3.3 MSR2 Affected: 11.3.3 MSR1 Affected: 11.3.6 Affected: 11-3-1MPPSR4UPG Affected: 11.3.7 Affected: 11-3-1MSR2UPG Affected: 11.3.6SR1 Affected: 11.3.7SR1 Affected: 11.3.7SR2 Affected: 11.0.0 Affected: 11.0.1 Affected: 11.0.1 MSR1-1 Affected: 11.0.2 Affected: 11.1.1 Affected: 11.1.1 MSR1-1 Affected: 11.1.1 MSR2-1 Affected: 11.1.2 Affected: 11.1.2 MSR1-1 Affected: 11.1.2 MSR3-1 Affected: 11.2.1 Affected: 11.2.2 Affected: 11.2.3 Affected: 11.2.3 MSR1-1 Affected: 11.2.4 Affected: 11.3.1 Affected: 11.3.1 MSR1-3 Affected: 4.5 Affected: 4.6 MSR1 Affected: 4.7.1 Affected: 4.8.1 Affected: 4.8.1 SR1 Affected: 5.0.1 Affected: 12.0.1 Affected: 12.0.2 Affected: 12.0.3 Affected: 12.0.3SR1 Affected: 12.0.4 Affected: 5.1.1 Affected: 5.1.2 Affected: 5.1(2)SR1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6871_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6821_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6851_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7821_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6861_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6825_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6841_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7811_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7841_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7861_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_8800_series_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "video_phone_8875_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T20:55:26.843678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:45:13.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IP Phones with Multiplatform Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.3.1 MSR2-6"
},
{
"status": "affected",
"version": "11.3.1 MSR3-3"
},
{
"status": "affected",
"version": "11.3.2"
},
{
"status": "affected",
"version": "11.3.3"
},
{
"status": "affected",
"version": "11.3.1 MSR4-1"
},
{
"status": "affected",
"version": "11.3.4"
},
{
"status": "affected",
"version": "11.3.5"
},
{
"status": "affected",
"version": "11.3.3 MSR2"
},
{
"status": "affected",
"version": "11.3.3 MSR1"
},
{
"status": "affected",
"version": "11.3.6"
},
{
"status": "affected",
"version": "11-3-1MPPSR4UPG"
},
{
"status": "affected",
"version": "11.3.7"
},
{
"status": "affected",
"version": "11-3-1MSR2UPG"
},
{
"status": "affected",
"version": "11.3.6SR1"
},
{
"status": "affected",
"version": "11.3.7SR1"
},
{
"status": "affected",
"version": "11.3.7SR2"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.1 MSR1-1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.1.1"
},
{
"status": "affected",
"version": "11.1.1 MSR1-1"
},
{
"status": "affected",
"version": "11.1.1 MSR2-1"
},
{
"status": "affected",
"version": "11.1.2"
},
{
"status": "affected",
"version": "11.1.2 MSR1-1"
},
{
"status": "affected",
"version": "11.1.2 MSR3-1"
},
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "11.2.2"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.3 MSR1-1"
},
{
"status": "affected",
"version": "11.2.4"
},
{
"status": "affected",
"version": "11.3.1"
},
{
"status": "affected",
"version": "11.3.1 MSR1-3"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6 MSR1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.1 SR1"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.3"
},
{
"status": "affected",
"version": "12.0.3SR1"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.1(2)SR1"
}
]
},
{
"product": "Cisco PhoneOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. \r\n\r This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T16:36:53.907Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"source": {
"advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"defects": [
"CSCwi64082",
"CSCwi64064"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20357",
"datePublished": "2024-05-01T16:36:53.907Z",
"dateReserved": "2023-11-08T15:08:07.649Z",
"dateUpdated": "2024-08-01T21:59:42.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20221 (GCVE-0-2023-20221)
Vulnerability from cvelistv5 ā Published: 2023-08-16 21:01 ā Updated: 2024-08-02 09:05
VLAI?
Summary
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system.
This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition.
Severity ?
6.5 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco IP Phones with Multiplatform Firmware |
Affected:
11.3.1 MSR2-6
Affected: 11.3.1 MSR3-3 Affected: 11.3.2 Affected: 11.3.3 Affected: 11.3.4 Affected: 11.3.5 Affected: 11.3.3 MSR1 Affected: 11.3.6 Affected: 11-3-1MPPSR4UPG Affected: 11.3.7 Affected: 11-3-1MSR2UPG Affected: 11.3.6SR1 Affected: 11.3.7SR1 Affected: 11.3.7SR2 Affected: 11.0.0 Affected: 11.0.1 Affected: 11.0.1 MSR1-1 Affected: 11.0.2 Affected: 11.1.1 Affected: 11.1.1 MSR1-1 Affected: 11.1.1 MSR2-1 Affected: 11.1.2 Affected: 11.1.2 MSR1-1 Affected: 11.1.2 MSR3-1 Affected: 11.2.1 Affected: 11.2.2 Affected: 11.2.3 Affected: 11.2.3 MSR1-1 Affected: 11.2.4 Affected: 11.3.1 Affected: 11.3.1 MSR1-3 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ipphone-csrf-HOCmXW2c",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IP Phones with Multiplatform Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.3.1 MSR2-6"
},
{
"status": "affected",
"version": "11.3.1 MSR3-3"
},
{
"status": "affected",
"version": "11.3.2"
},
{
"status": "affected",
"version": "11.3.3"
},
{
"status": "affected",
"version": "11.3.4"
},
{
"status": "affected",
"version": "11.3.5"
},
{
"status": "affected",
"version": "11.3.3 MSR1"
},
{
"status": "affected",
"version": "11.3.6"
},
{
"status": "affected",
"version": "11-3-1MPPSR4UPG"
},
{
"status": "affected",
"version": "11.3.7"
},
{
"status": "affected",
"version": "11-3-1MSR2UPG"
},
{
"status": "affected",
"version": "11.3.6SR1"
},
{
"status": "affected",
"version": "11.3.7SR1"
},
{
"status": "affected",
"version": "11.3.7SR2"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.1 MSR1-1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.1.1"
},
{
"status": "affected",
"version": "11.1.1 MSR1-1"
},
{
"status": "affected",
"version": "11.1.1 MSR2-1"
},
{
"status": "affected",
"version": "11.1.2"
},
{
"status": "affected",
"version": "11.1.2 MSR1-1"
},
{
"status": "affected",
"version": "11.1.2 MSR3-1"
},
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "11.2.2"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.3 MSR1-1"
},
{
"status": "affected",
"version": "11.2.4"
},
{
"status": "affected",
"version": "11.3.1"
},
{
"status": "affected",
"version": "11.3.1 MSR1-3"
}
]
},
{
"product": "Cisco PhoneOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:23.679Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ipphone-csrf-HOCmXW2c",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c"
}
],
"source": {
"advisory": "cisco-sa-ipphone-csrf-HOCmXW2c",
"defects": [
"CSCwc78409",
"CSCwc81103",
"CSCwc78412"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20221",
"datePublished": "2023-08-16T21:01:05.872Z",
"dateReserved": "2022-10-27T18:47:50.368Z",
"dateUpdated": "2024-08-02T09:05:35.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20351 (GCVE-0-2025-20351)
Vulnerability from nvd ā Published: 2025-10-15 16:15 ā Updated: 2025-10-15 17:43
VLAI?
Title
Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Cross-Site Scripting Vulnerability
Summary
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI.
This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Session Initiation Protocol (SIP) Software |
Affected:
12.1(1)SR1
Affected: 11.5(1) Affected: 10.3(2) Affected: 10.2(2) Affected: 10.3(1) Affected: 10.3(1)SR4 Affected: 11.0(1) Affected: 10.4(1)SR2 3rd Party Affected: 11.7(1) Affected: 12.1(1) Affected: 11.0(0.7) MPP Affected: 9.3(4) 3rd Party Affected: 12.5(1)SR2 Affected: 10.2(1)SR1 Affected: 9.3(4)SR3 3rd Party Affected: 10.2(1) Affected: 12.5(1) Affected: 10.3(1)SR2 Affected: 11-0-1MSR1-1 Affected: 10.4(1) 3rd Party Affected: 12.5(1)SR1 Affected: 11.5(1)SR1 Affected: 10.1(1)SR2 Affected: 12.0(1)SR2 Affected: 12.6(1) Affected: 10.3(1.11) 3rd Party Affected: 12.0(1) Affected: 12.0(1)SR1 Affected: 9.3(3) Affected: 12.5(1)SR3 Affected: 10.3(1)SR4b Affected: 9.3(4)SR1 3rd Party Affected: 10.3(1)SR5 Affected: 10.1(1.9) Affected: 10.3(1.9) 3rd Party Affected: 9.3(4)SR2 3rd Party Affected: 10.3(1)SR1 Affected: 10.3(1)SR3 Affected: 10.1(1)SR1 Affected: 12.0(1)SR3 Affected: 12.6(1)SR1 Affected: 12.7(1) Affected: 10.3(1)SR6 Affected: 12.8(1) Affected: 12.7(1)SR1 Affected: 11.0(2)SR1 Affected: 11.0(4) Affected: 11.0(2) Affected: 11.0(4)SR3 Affected: 11.0(5) Affected: 11.0(3)SR2 Affected: 11.0(3)SR4 Affected: 11.0(3)SR3 Affected: 11.0(2)SR2 Affected: 11.0(4)SR1 Affected: 11.0(5)SR3 Affected: 11.0(3) Affected: 11.0(5)SR2 Affected: 11.0(3)SR6 Affected: 11.0(5)SR1 Affected: 11.0(4)SR2 Affected: 11.0(3)SR1 Affected: 11.0(3)SR5 Affected: 11.0(6) Affected: 12.8(1)SR1 Affected: 12.8(1)SR2 Affected: 14.0(1) Affected: 14.0(1)SR1 Affected: 11.0(6)SR1 Affected: 10.3(1)SR7 Affected: 14.0(1)SR2 Affected: 14.1(1) Affected: 14.0(1)SR3 Affected: 11.0(6)SR2 Affected: 14.1(1)SR1 Affected: 14.1(1)SR2 Affected: 11.0(6)SR4 Affected: 14.2(1) Affected: 14.2(1)SR1 Affected: 11.0(6)SR5 Affected: 14.1(1)SR3 Affected: 14.2(1)SR2 Affected: 3.1(1) Affected: 3.0(1) Affected: 2.3(1) Affected: 2.3(1)SR1 Affected: 2.2(1) Affected: 2.1(1) Affected: 2.0(1) Affected: 14.2(1)SR3 Affected: 3.1(1)SR1 Affected: 14.3(1) Affected: 3.2(1) Affected: 14.3(1)SR1 Affected: 14.2(1)SR4 Affected: 11.0(6)SR6 Affected: 14.3(1)SR2 Affected: 14.3(1)SR3 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T17:41:21.666555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T17:43:25.544Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Session Initiation Protocol (SIP) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.1(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(1)SR4"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.4(1)SR2 3rd Party"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "11.0(0.7) MPP"
},
{
"status": "affected",
"version": "9.3(4) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR2"
},
{
"status": "affected",
"version": "10.2(1)SR1"
},
{
"status": "affected",
"version": "9.3(4)SR3 3rd Party"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.3(1)SR2"
},
{
"status": "affected",
"version": "11-0-1MSR1-1"
},
{
"status": "affected",
"version": "10.4(1) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)SR1"
},
{
"status": "affected",
"version": "10.1(1)SR2"
},
{
"status": "affected",
"version": "12.0(1)SR2"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "10.3(1.11) 3rd Party"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)SR1"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "12.5(1)SR3"
},
{
"status": "affected",
"version": "10.3(1)SR4b"
},
{
"status": "affected",
"version": "9.3(4)SR1 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR5"
},
{
"status": "affected",
"version": "10.1(1.9)"
},
{
"status": "affected",
"version": "10.3(1.9) 3rd Party"
},
{
"status": "affected",
"version": "9.3(4)SR2 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR3"
},
{
"status": "affected",
"version": "10.1(1)SR1"
},
{
"status": "affected",
"version": "12.0(1)SR3"
},
{
"status": "affected",
"version": "12.6(1)SR1"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "10.3(1)SR6"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.7(1)SR1"
},
{
"status": "affected",
"version": "11.0(2)SR1"
},
{
"status": "affected",
"version": "11.0(4)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "11.0(4)SR3"
},
{
"status": "affected",
"version": "11.0(5)"
},
{
"status": "affected",
"version": "11.0(3)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR4"
},
{
"status": "affected",
"version": "11.0(3)SR3"
},
{
"status": "affected",
"version": "11.0(2)SR2"
},
{
"status": "affected",
"version": "11.0(4)SR1"
},
{
"status": "affected",
"version": "11.0(5)SR3"
},
{
"status": "affected",
"version": "11.0(3)"
},
{
"status": "affected",
"version": "11.0(5)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR6"
},
{
"status": "affected",
"version": "11.0(5)SR1"
},
{
"status": "affected",
"version": "11.0(4)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR1"
},
{
"status": "affected",
"version": "11.0(3)SR5"
},
{
"status": "affected",
"version": "11.0(6)"
},
{
"status": "affected",
"version": "12.8(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR2"
},
{
"status": "affected",
"version": "14.0(1)"
},
{
"status": "affected",
"version": "14.0(1)SR1"
},
{
"status": "affected",
"version": "11.0(6)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR7"
},
{
"status": "affected",
"version": "14.0(1)SR2"
},
{
"status": "affected",
"version": "14.1(1)"
},
{
"status": "affected",
"version": "14.0(1)SR3"
},
{
"status": "affected",
"version": "11.0(6)SR2"
},
{
"status": "affected",
"version": "14.1(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR2"
},
{
"status": "affected",
"version": "11.0(6)SR4"
},
{
"status": "affected",
"version": "14.2(1)"
},
{
"status": "affected",
"version": "14.2(1)SR1"
},
{
"status": "affected",
"version": "11.0(6)SR5"
},
{
"status": "affected",
"version": "14.1(1)SR3"
},
{
"status": "affected",
"version": "14.2(1)SR2"
},
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "2.3(1)"
},
{
"status": "affected",
"version": "2.3(1)SR1"
},
{
"status": "affected",
"version": "2.2(1)"
},
{
"status": "affected",
"version": "2.1(1)"
},
{
"status": "affected",
"version": "2.0(1)"
},
{
"status": "affected",
"version": "14.2(1)SR3"
},
{
"status": "affected",
"version": "3.1(1)SR1"
},
{
"status": "affected",
"version": "14.3(1)"
},
{
"status": "affected",
"version": "3.2(1)"
},
{
"status": "affected",
"version": "14.3(1)SR1"
},
{
"status": "affected",
"version": "14.2(1)SR4"
},
{
"status": "affected",
"version": "11.0(6)SR6"
},
{
"status": "affected",
"version": "14.3(1)SR2"
},
{
"status": "affected",
"version": "14.3(1)SR3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of the web UI.\r\n\r\nThis vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T16:15:18.666Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-phone-dos-FPyjLV7A",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A"
}
],
"source": {
"advisory": "cisco-sa-phone-dos-FPyjLV7A",
"defects": [
"CSCwn51683"
],
"discovery": "INTERNAL"
},
"title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Cross-Site Scripting Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20351",
"datePublished": "2025-10-15T16:15:18.666Z",
"dateReserved": "2024-10-10T19:15:13.257Z",
"dateUpdated": "2025-10-15T17:43:25.544Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20350 (GCVE-0-2025-20350)
Vulnerability from nvd ā Published: 2025-10-15 16:15 ā Updated: 2025-10-15 17:42
VLAI?
Title
Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Denial of Service Vulnerability
Summary
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.
This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.
Severity ?
7.5 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Session Initiation Protocol (SIP) Software |
Affected:
12.1(1)SR1
Affected: 11.5(1) Affected: 10.3(2) Affected: 10.2(2) Affected: 10.3(1) Affected: 10.3(1)SR4 Affected: 11.0(1) Affected: 10.4(1)SR2 3rd Party Affected: 11.7(1) Affected: 12.1(1) Affected: 11.0(0.7) MPP Affected: 9.3(4) 3rd Party Affected: 12.5(1)SR2 Affected: 10.2(1)SR1 Affected: 9.3(4)SR3 3rd Party Affected: 10.2(1) Affected: 12.5(1) Affected: 10.3(1)SR2 Affected: 11-0-1MSR1-1 Affected: 10.4(1) 3rd Party Affected: 12.5(1)SR1 Affected: 11.5(1)SR1 Affected: 10.1(1)SR2 Affected: 12.0(1)SR2 Affected: 12.6(1) Affected: 10.3(1.11) 3rd Party Affected: 12.0(1) Affected: 12.0(1)SR1 Affected: 9.3(3) Affected: 12.5(1)SR3 Affected: 10.3(1)SR4b Affected: 9.3(4)SR1 3rd Party Affected: 10.3(1)SR5 Affected: 10.1(1.9) Affected: 10.3(1.9) 3rd Party Affected: 9.3(4)SR2 3rd Party Affected: 10.3(1)SR1 Affected: 10.3(1)SR3 Affected: 10.1(1)SR1 Affected: 12.0(1)SR3 Affected: 12.6(1)SR1 Affected: 12.7(1) Affected: 10.3(1)SR6 Affected: 12.8(1) Affected: 12.7(1)SR1 Affected: 11.0(2)SR1 Affected: 11.0(4) Affected: 11.0(2) Affected: 11.0(4)SR3 Affected: 11.0(5) Affected: 11.0(3)SR2 Affected: 11.0(3)SR4 Affected: 11.0(3)SR3 Affected: 11.0(2)SR2 Affected: 11.0(4)SR1 Affected: 11.0(5)SR3 Affected: 11.0(3) Affected: 11.0(5)SR2 Affected: 11.0(3)SR6 Affected: 11.0(5)SR1 Affected: 11.0(4)SR2 Affected: 11.0(3)SR1 Affected: 11.0(3)SR5 Affected: 11.0(6) Affected: 12.8(1)SR1 Affected: 12.8(1)SR2 Affected: 14.0(1) Affected: 14.0(1)SR1 Affected: 11.0(6)SR1 Affected: 10.3(1)SR7 Affected: 14.0(1)SR2 Affected: 14.1(1) Affected: 14.0(1)SR3 Affected: 11.0(6)SR2 Affected: 14.1(1)SR1 Affected: 14.1(1)SR2 Affected: 11.0(6)SR4 Affected: 14.2(1) Affected: 14.2(1)SR1 Affected: 11.0(6)SR5 Affected: 14.1(1)SR3 Affected: 14.2(1)SR2 Affected: 3.1(1) Affected: 3.0(1) Affected: 2.3(1) Affected: 2.3(1)SR1 Affected: 2.2(1) Affected: 2.1(1) Affected: 2.0(1) Affected: 14.2(1)SR3 Affected: 3.1(1)SR1 Affected: 14.3(1) Affected: 3.2(1) Affected: 14.3(1)SR1 Affected: 14.2(1)SR4 Affected: 11.0(6)SR6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20350",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-15T17:42:26.123690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T17:42:59.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Session Initiation Protocol (SIP) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.1(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(1)SR4"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.4(1)SR2 3rd Party"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "11.0(0.7) MPP"
},
{
"status": "affected",
"version": "9.3(4) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR2"
},
{
"status": "affected",
"version": "10.2(1)SR1"
},
{
"status": "affected",
"version": "9.3(4)SR3 3rd Party"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.3(1)SR2"
},
{
"status": "affected",
"version": "11-0-1MSR1-1"
},
{
"status": "affected",
"version": "10.4(1) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)SR1"
},
{
"status": "affected",
"version": "10.1(1)SR2"
},
{
"status": "affected",
"version": "12.0(1)SR2"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "10.3(1.11) 3rd Party"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)SR1"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "12.5(1)SR3"
},
{
"status": "affected",
"version": "10.3(1)SR4b"
},
{
"status": "affected",
"version": "9.3(4)SR1 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR5"
},
{
"status": "affected",
"version": "10.1(1.9)"
},
{
"status": "affected",
"version": "10.3(1.9) 3rd Party"
},
{
"status": "affected",
"version": "9.3(4)SR2 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR3"
},
{
"status": "affected",
"version": "10.1(1)SR1"
},
{
"status": "affected",
"version": "12.0(1)SR3"
},
{
"status": "affected",
"version": "12.6(1)SR1"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "10.3(1)SR6"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.7(1)SR1"
},
{
"status": "affected",
"version": "11.0(2)SR1"
},
{
"status": "affected",
"version": "11.0(4)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "11.0(4)SR3"
},
{
"status": "affected",
"version": "11.0(5)"
},
{
"status": "affected",
"version": "11.0(3)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR4"
},
{
"status": "affected",
"version": "11.0(3)SR3"
},
{
"status": "affected",
"version": "11.0(2)SR2"
},
{
"status": "affected",
"version": "11.0(4)SR1"
},
{
"status": "affected",
"version": "11.0(5)SR3"
},
{
"status": "affected",
"version": "11.0(3)"
},
{
"status": "affected",
"version": "11.0(5)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR6"
},
{
"status": "affected",
"version": "11.0(5)SR1"
},
{
"status": "affected",
"version": "11.0(4)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR1"
},
{
"status": "affected",
"version": "11.0(3)SR5"
},
{
"status": "affected",
"version": "11.0(6)"
},
{
"status": "affected",
"version": "12.8(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR2"
},
{
"status": "affected",
"version": "14.0(1)"
},
{
"status": "affected",
"version": "14.0(1)SR1"
},
{
"status": "affected",
"version": "11.0(6)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR7"
},
{
"status": "affected",
"version": "14.0(1)SR2"
},
{
"status": "affected",
"version": "14.1(1)"
},
{
"status": "affected",
"version": "14.0(1)SR3"
},
{
"status": "affected",
"version": "11.0(6)SR2"
},
{
"status": "affected",
"version": "14.1(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR2"
},
{
"status": "affected",
"version": "11.0(6)SR4"
},
{
"status": "affected",
"version": "14.2(1)"
},
{
"status": "affected",
"version": "14.2(1)SR1"
},
{
"status": "affected",
"version": "11.0(6)SR5"
},
{
"status": "affected",
"version": "14.1(1)SR3"
},
{
"status": "affected",
"version": "14.2(1)SR2"
},
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "2.3(1)"
},
{
"status": "affected",
"version": "2.3(1)SR1"
},
{
"status": "affected",
"version": "2.2(1)"
},
{
"status": "affected",
"version": "2.1(1)"
},
{
"status": "affected",
"version": "2.0(1)"
},
{
"status": "affected",
"version": "14.2(1)SR3"
},
{
"status": "affected",
"version": "3.1(1)SR1"
},
{
"status": "affected",
"version": "14.3(1)"
},
{
"status": "affected",
"version": "3.2(1)"
},
{
"status": "affected",
"version": "14.3(1)SR1"
},
{
"status": "affected",
"version": "14.2(1)SR4"
},
{
"status": "affected",
"version": "11.0(6)SR6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\n\r\nThis vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.\r\nNote: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T16:15:10.244Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-phone-dos-FPyjLV7A",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A"
}
],
"source": {
"advisory": "cisco-sa-phone-dos-FPyjLV7A",
"defects": [
"CSCwn51601"
],
"discovery": "INTERNAL"
},
"title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Denial of Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20350",
"datePublished": "2025-10-15T16:15:10.244Z",
"dateReserved": "2024-10-10T19:15:13.257Z",
"dateUpdated": "2025-10-15T17:42:59.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20336 (GCVE-0-2025-20336)
Vulnerability from nvd ā Published: 2025-09-03 17:41 ā Updated: 2025-09-03 17:57
VLAI?
Title
Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Disclosure Vulnerability
Summary
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device.
Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Session Initiation Protocol (SIP) Software |
Affected:
12.1(1)SR1
Affected: 11.5(1) Affected: 10.3(2) Affected: 10.2(2) Affected: 10.3(1) Affected: 10.3(1)SR4 Affected: 11.0(1) Affected: 10.4(1)SR2 3rd Party Affected: 11.7(1) Affected: 12.1(1) Affected: 11.0(0.7) MPP Affected: 9.3(4) 3rd Party Affected: 12.5(1)SR2 Affected: 10.2(1)SR1 Affected: 9.3(4)SR3 3rd Party Affected: 10.2(1) Affected: 12.5(1) Affected: 10.3(1)SR2 Affected: 11-0-1MSR1-1 Affected: 10.4(1) 3rd Party Affected: 12.5(1)SR1 Affected: 11.5(1)SR1 Affected: 10.1(1)SR2 Affected: 12.0(1)SR2 Affected: 12.6(1) Affected: 10.3(1.11) 3rd Party Affected: 12.0(1) Affected: 12.0(1)SR1 Affected: 9.3(3) Affected: 12.5(1)SR3 Affected: 10.3(1)SR4b Affected: 9.3(4)SR1 3rd Party Affected: 10.3(1)SR5 Affected: 10.1(1.9) Affected: 10.3(1.9) 3rd Party Affected: 9.3(4)SR2 3rd Party Affected: 10.3(1)SR1 Affected: 10.3(1)SR3 Affected: 10.1(1)SR1 Affected: 12.0(1)SR3 Affected: 12.6(1)SR1 Affected: 12.7(1) Affected: 10.3(1)SR6 Affected: 12.8(1) Affected: 12.7(1)SR1 Affected: 12.8(1)SR1 Affected: 12.8(1)SR2 Affected: 14.0(1) Affected: 14.0(1)SR1 Affected: 10.3(1)SR7 Affected: 14.0(1)SR2 Affected: 14.1(1) Affected: 14.0(1)SR3 Affected: 14.1(1)SR1 Affected: 14.1(1)SR2 Affected: 14.2(1) Affected: 14.2(1)SR1 Affected: 14.1(1)SR3 Affected: 14.2(1)SR2 Affected: 3.1(1) Affected: 3.0(1) Affected: 2.3(1) Affected: 2.3(1)SR1 Affected: 2.2(1) Affected: 2.1(1) Affected: 2.0(1) Affected: 14.2(1)SR3 Affected: 3.1(1)SR1 Affected: 14.3(1) Affected: 3.2(1) Affected: 14.3(1)SR1 Affected: 14.2(1)SR4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20336",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T17:57:26.410747Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T17:57:31.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Session Initiation Protocol (SIP) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.1(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(1)SR4"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.4(1)SR2 3rd Party"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "11.0(0.7) MPP"
},
{
"status": "affected",
"version": "9.3(4) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR2"
},
{
"status": "affected",
"version": "10.2(1)SR1"
},
{
"status": "affected",
"version": "9.3(4)SR3 3rd Party"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.3(1)SR2"
},
{
"status": "affected",
"version": "11-0-1MSR1-1"
},
{
"status": "affected",
"version": "10.4(1) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)SR1"
},
{
"status": "affected",
"version": "10.1(1)SR2"
},
{
"status": "affected",
"version": "12.0(1)SR2"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "10.3(1.11) 3rd Party"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)SR1"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "12.5(1)SR3"
},
{
"status": "affected",
"version": "10.3(1)SR4b"
},
{
"status": "affected",
"version": "9.3(4)SR1 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR5"
},
{
"status": "affected",
"version": "10.1(1.9)"
},
{
"status": "affected",
"version": "10.3(1.9) 3rd Party"
},
{
"status": "affected",
"version": "9.3(4)SR2 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR3"
},
{
"status": "affected",
"version": "10.1(1)SR1"
},
{
"status": "affected",
"version": "12.0(1)SR3"
},
{
"status": "affected",
"version": "12.6(1)SR1"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "10.3(1)SR6"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.7(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR2"
},
{
"status": "affected",
"version": "14.0(1)"
},
{
"status": "affected",
"version": "14.0(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR7"
},
{
"status": "affected",
"version": "14.0(1)SR2"
},
{
"status": "affected",
"version": "14.1(1)"
},
{
"status": "affected",
"version": "14.0(1)SR3"
},
{
"status": "affected",
"version": "14.1(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR2"
},
{
"status": "affected",
"version": "14.2(1)"
},
{
"status": "affected",
"version": "14.2(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR3"
},
{
"status": "affected",
"version": "14.2(1)SR2"
},
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "2.3(1)"
},
{
"status": "affected",
"version": "2.3(1)SR1"
},
{
"status": "affected",
"version": "2.2(1)"
},
{
"status": "affected",
"version": "2.1(1)"
},
{
"status": "affected",
"version": "2.0(1)"
},
{
"status": "affected",
"version": "14.2(1)SR3"
},
{
"status": "affected",
"version": "3.1(1)SR1"
},
{
"status": "affected",
"version": "14.3(1)"
},
{
"status": "affected",
"version": "3.2(1)"
},
{
"status": "affected",
"version": "14.3(1)SR1"
},
{
"status": "affected",
"version": "14.2(1)SR4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T17:41:01.463Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-phone-write-g3kcC5Df",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df"
}
],
"source": {
"advisory": "cisco-sa-phone-write-g3kcC5Df",
"defects": [
"CSCwn51677"
],
"discovery": "INTERNAL"
},
"title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20336",
"datePublished": "2025-09-03T17:41:01.463Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-09-03T17:57:31.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20335 (GCVE-0-2025-20335)
Vulnerability from nvd ā Published: 2025-09-03 17:41 ā Updated: 2025-09-03 17:56
VLAI?
Title
Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability
Summary
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.
This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system.
Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.
Severity ?
5.3 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Session Initiation Protocol (SIP) Software |
Affected:
12.1(1)SR1
Affected: 11.5(1) Affected: 10.3(2) Affected: 10.2(2) Affected: 10.3(1) Affected: 10.3(1)SR4 Affected: 11.0(1) Affected: 10.4(1)SR2 3rd Party Affected: 11.7(1) Affected: 12.1(1) Affected: 11.0(0.7) MPP Affected: 9.3(4) 3rd Party Affected: 12.5(1)SR2 Affected: 10.2(1)SR1 Affected: 9.3(4)SR3 3rd Party Affected: 10.2(1) Affected: 12.5(1) Affected: 10.3(1)SR2 Affected: 11-0-1MSR1-1 Affected: 10.4(1) 3rd Party Affected: 12.5(1)SR1 Affected: 11.5(1)SR1 Affected: 10.1(1)SR2 Affected: 12.0(1)SR2 Affected: 12.6(1) Affected: 10.3(1.11) 3rd Party Affected: 12.0(1) Affected: 12.0(1)SR1 Affected: 9.3(3) Affected: 12.5(1)SR3 Affected: 10.3(1)SR4b Affected: 9.3(4)SR1 3rd Party Affected: 10.3(1)SR5 Affected: 10.1(1.9) Affected: 10.3(1.9) 3rd Party Affected: 9.3(4)SR2 3rd Party Affected: 10.3(1)SR1 Affected: 10.3(1)SR3 Affected: 10.1(1)SR1 Affected: 12.0(1)SR3 Affected: 12.6(1)SR1 Affected: 12.7(1) Affected: 10.3(1)SR6 Affected: 12.8(1) Affected: 12.7(1)SR1 Affected: 11.0(2)SR1 Affected: 11.0(4) Affected: 11.0(2) Affected: 11.0(4)SR3 Affected: 11.0(5) Affected: 11.0(3)SR2 Affected: 11.0(3)SR4 Affected: 11.0(3)SR3 Affected: 11.0(2)SR2 Affected: 11.0(4)SR1 Affected: 11.0(5)SR3 Affected: 11.0(3) Affected: 11.0(5)SR2 Affected: 11.0(3)SR6 Affected: 11.0(5)SR1 Affected: 11.0(4)SR2 Affected: 11.0(3)SR1 Affected: 11.0(3)SR5 Affected: 11.0(6) Affected: 12.8(1)SR1 Affected: 12.8(1)SR2 Affected: 14.0(1) Affected: 14.0(1)SR1 Affected: 11.0(6)SR1 Affected: 10.3(1)SR7 Affected: 14.0(1)SR2 Affected: 14.1(1) Affected: 14.0(1)SR3 Affected: 11.0(6)SR2 Affected: 14.1(1)SR1 Affected: 14.1(1)SR2 Affected: 11.0(6)SR4 Affected: 14.2(1) Affected: 14.2(1)SR1 Affected: 11.0(6)SR5 Affected: 14.1(1)SR3 Affected: 14.2(1)SR2 Affected: 3.1(1) Affected: 3.0(1) Affected: 2.3(1) Affected: 2.3(1)SR1 Affected: 2.2(1) Affected: 2.1(1) Affected: 2.0(1) Affected: 14.2(1)SR3 Affected: 3.1(1)SR1 Affected: 14.3(1) Affected: 3.2(1) Affected: 14.3(1)SR1 Affected: 14.2(1)SR4 Affected: 11.0(6)SR6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20335",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-03T17:56:52.918108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T17:56:55.586Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Session Initiation Protocol (SIP) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.1(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(1)SR4"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.4(1)SR2 3rd Party"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "11.0(0.7) MPP"
},
{
"status": "affected",
"version": "9.3(4) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR2"
},
{
"status": "affected",
"version": "10.2(1)SR1"
},
{
"status": "affected",
"version": "9.3(4)SR3 3rd Party"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.3(1)SR2"
},
{
"status": "affected",
"version": "11-0-1MSR1-1"
},
{
"status": "affected",
"version": "10.4(1) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)SR1"
},
{
"status": "affected",
"version": "10.1(1)SR2"
},
{
"status": "affected",
"version": "12.0(1)SR2"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "10.3(1.11) 3rd Party"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)SR1"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "12.5(1)SR3"
},
{
"status": "affected",
"version": "10.3(1)SR4b"
},
{
"status": "affected",
"version": "9.3(4)SR1 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR5"
},
{
"status": "affected",
"version": "10.1(1.9)"
},
{
"status": "affected",
"version": "10.3(1.9) 3rd Party"
},
{
"status": "affected",
"version": "9.3(4)SR2 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR3"
},
{
"status": "affected",
"version": "10.1(1)SR1"
},
{
"status": "affected",
"version": "12.0(1)SR3"
},
{
"status": "affected",
"version": "12.6(1)SR1"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "10.3(1)SR6"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.7(1)SR1"
},
{
"status": "affected",
"version": "11.0(2)SR1"
},
{
"status": "affected",
"version": "11.0(4)"
},
{
"status": "affected",
"version": "11.0(2)"
},
{
"status": "affected",
"version": "11.0(4)SR3"
},
{
"status": "affected",
"version": "11.0(5)"
},
{
"status": "affected",
"version": "11.0(3)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR4"
},
{
"status": "affected",
"version": "11.0(3)SR3"
},
{
"status": "affected",
"version": "11.0(2)SR2"
},
{
"status": "affected",
"version": "11.0(4)SR1"
},
{
"status": "affected",
"version": "11.0(5)SR3"
},
{
"status": "affected",
"version": "11.0(3)"
},
{
"status": "affected",
"version": "11.0(5)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR6"
},
{
"status": "affected",
"version": "11.0(5)SR1"
},
{
"status": "affected",
"version": "11.0(4)SR2"
},
{
"status": "affected",
"version": "11.0(3)SR1"
},
{
"status": "affected",
"version": "11.0(3)SR5"
},
{
"status": "affected",
"version": "11.0(6)"
},
{
"status": "affected",
"version": "12.8(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR2"
},
{
"status": "affected",
"version": "14.0(1)"
},
{
"status": "affected",
"version": "14.0(1)SR1"
},
{
"status": "affected",
"version": "11.0(6)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR7"
},
{
"status": "affected",
"version": "14.0(1)SR2"
},
{
"status": "affected",
"version": "14.1(1)"
},
{
"status": "affected",
"version": "14.0(1)SR3"
},
{
"status": "affected",
"version": "11.0(6)SR2"
},
{
"status": "affected",
"version": "14.1(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR2"
},
{
"status": "affected",
"version": "11.0(6)SR4"
},
{
"status": "affected",
"version": "14.2(1)"
},
{
"status": "affected",
"version": "14.2(1)SR1"
},
{
"status": "affected",
"version": "11.0(6)SR5"
},
{
"status": "affected",
"version": "14.1(1)SR3"
},
{
"status": "affected",
"version": "14.2(1)SR2"
},
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "2.3(1)"
},
{
"status": "affected",
"version": "2.3(1)SR1"
},
{
"status": "affected",
"version": "2.2(1)"
},
{
"status": "affected",
"version": "2.1(1)"
},
{
"status": "affected",
"version": "2.0(1)"
},
{
"status": "affected",
"version": "14.2(1)SR3"
},
{
"status": "affected",
"version": "3.1(1)SR1"
},
{
"status": "affected",
"version": "14.3(1)"
},
{
"status": "affected",
"version": "3.2(1)"
},
{
"status": "affected",
"version": "14.3(1)SR1"
},
{
"status": "affected",
"version": "14.2(1)SR4"
},
{
"status": "affected",
"version": "11.0(6)SR6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device.\r\n\r\nThis vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Control",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-03T17:41:06.201Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-phone-write-g3kcC5Df",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df"
}
],
"source": {
"advisory": "cisco-sa-phone-write-g3kcC5Df",
"defects": [
"CSCwn51679"
],
"discovery": "INTERNAL"
},
"title": "Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20335",
"datePublished": "2025-09-03T17:41:06.201Z",
"dateReserved": "2024-10-10T19:15:13.255Z",
"dateUpdated": "2025-09-03T17:56:55.586Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20158 (GCVE-0-2025-20158)
Vulnerability from nvd ā Published: 2025-02-19 16:06 ā Updated: 2025-02-19 16:22
VLAI?
Title
Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability
Summary
A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default.
This vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit this vulnerability by sending a crafted SSH client command to the CLI. A successful exploit could allow the attacker to access sensitive information on the underlying operating system.
Severity ?
4.4 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Session Initiation Protocol (SIP) Software |
Affected:
3.1(1)
Affected: 3.0(1) Affected: 2.3(1) Affected: 2.3(1)SR1 Affected: 2.2(1) Affected: 2.1(1) Affected: 2.0(1) Affected: 3.1(1)SR1 Affected: 3.2(1) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-19T16:20:34.156069Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T16:22:29.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Session Initiation Protocol (SIP) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "2.3(1)"
},
{
"status": "affected",
"version": "2.3(1)SR1"
},
{
"status": "affected",
"version": "2.2(1)"
},
{
"status": "affected",
"version": "2.1(1)"
},
{
"status": "affected",
"version": "2.0(1)"
},
{
"status": "affected",
"version": "3.1(1)SR1"
},
{
"status": "affected",
"version": "3.2(1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit this vulnerability by sending a crafted SSH client command to the CLI. A successful exploit could allow the attacker to access sensitive information on the underlying operating system."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-19T16:06:00.812Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-phone-info-disc-YyxsWStK",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-info-disc-YyxsWStK"
}
],
"source": {
"advisory": "cisco-sa-phone-info-disc-YyxsWStK",
"defects": [
"CSCwn51779"
],
"discovery": "INTERNAL"
},
"title": "Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2025-20158",
"datePublished": "2025-02-19T16:06:00.812Z",
"dateReserved": "2024-10-10T19:15:13.217Z",
"dateUpdated": "2025-02-19T16:22:29.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20445 (GCVE-0-2024-20445)
Vulnerability from nvd ā Published: 2024-11-06 16:29 ā Updated: 2024-11-06 22:00
VLAI?
Title
Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability
Summary
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.
Note: Web Access is disabled by default.
Severity ?
5.3 (Medium)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Session Initiation Protocol (SIP) Software |
Affected:
12.1(1)SR1
Affected: 11.5(1) Affected: 10.3(2) Affected: 10.2(2) Affected: 10.3(1) Affected: 10.3(1)SR4 Affected: 11.0(1) Affected: 10.4(1)SR2 3rd Party Affected: 11.7(1) Affected: 12.1(1) Affected: 11.0(0.7) MPP Affected: 9.3(4) 3rd Party Affected: 12.5(1)SR2 Affected: 10.2(1)SR1 Affected: 9.3(4)SR3 3rd Party Affected: 10.2(1) Affected: 12.5(1) Affected: 10.3(1)SR2 Affected: 11-0-1MSR1-1 Affected: 10.4(1) 3rd Party Affected: 12.5(1)SR1 Affected: 11.5(1)SR1 Affected: 10.1(1)SR2 Affected: 12.0(1)SR2 Affected: 12.6(1) Affected: 10.3(1.11) 3rd Party Affected: 12.0(1) Affected: 12.0(1)SR1 Affected: 9.3(3) Affected: 12.5(1)SR3 Affected: 10.3(1)SR4b Affected: 9.3(4)SR1 3rd Party Affected: 10.3(1)SR5 Affected: 10.1(1.9) Affected: 10.3(1.9) 3rd Party Affected: 9.3(4)SR2 3rd Party Affected: 10.3(1)SR1 Affected: 10.3(1)SR3 Affected: 10.1(1)SR1 Affected: 12.0(1)SR3 Affected: 12.6(1)SR1 Affected: 12.7(1) Affected: 10.3(1)SR6 Affected: 12.8(1) Affected: 12.7(1)SR1 Affected: 12.8(1)SR1 Affected: 12.8(1)SR2 Affected: 14.0(1) Affected: 14.0(1)SR1 Affected: 10.3(1)SR7 Affected: 14.0(1)SR2 Affected: 14.1(1) Affected: 14.0(1)SR3 Affected: 14.1(1)SR1 Affected: 14.1(1)SR2 Affected: 14.2(1) Affected: 14.2(1)SR1 Affected: 14.1(1)SR3 Affected: 14.2(1)SR2 Affected: 3.1(1) Affected: 3.0(1) Affected: 14.2(1)SR3 Affected: 3.1(1)SR1 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:sip_ip_phone_software:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sip_ip_phone_software",
"vendor": "cisco",
"versions": [
{
"status": "affected",
"version": "12.1(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(1)SR4"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.4(1)SR2_3rd_Party"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "11.0(0.7)_MPP"
},
{
"status": "affected",
"version": "9.3(4)_3rd_Party"
},
{
"status": "affected",
"version": "12.5(1)SR2"
},
{
"status": "affected",
"version": "10.2(1)SR1"
},
{
"status": "affected",
"version": "9.3(4)SR3_3rd_Party"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.3(1)SR2"
},
{
"status": "affected",
"version": "11-0-1MSR1-1"
},
{
"status": "affected",
"version": "10.4(1)_3rd_Party"
},
{
"status": "affected",
"version": "12.5(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)SR1"
},
{
"status": "affected",
"version": "10.1(1)SR2"
},
{
"status": "affected",
"version": "12.0(1)SR2"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "10.3(1.11)_3rd_Party"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)SR1"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "12.5(1)SR3"
},
{
"status": "affected",
"version": "10.3(1)SR4b"
},
{
"status": "affected",
"version": "9.3(4)SR1_3rd_Party"
},
{
"status": "affected",
"version": "10.3(1)SR5"
},
{
"status": "affected",
"version": "10.1(1.9)"
},
{
"status": "affected",
"version": "10.3(1.9)_3rd_Party"
},
{
"status": "affected",
"version": "9.3(4)SR2_3rd_Party"
},
{
"status": "affected",
"version": "10.3(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR3"
},
{
"status": "affected",
"version": "10.1(1)SR1"
},
{
"status": "affected",
"version": "12.0(1)SR3"
},
{
"status": "affected",
"version": "12.6(1)SR1"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "10.3(1)SR6"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.7(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR2"
},
{
"status": "affected",
"version": "14.0(1)"
},
{
"status": "affected",
"version": "14.0(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR7"
},
{
"status": "affected",
"version": "14.0(1)SR2"
},
{
"status": "affected",
"version": "14.1(1)"
},
{
"status": "affected",
"version": "14.0(1)SR3"
},
{
"status": "affected",
"version": "14.1(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR2"
},
{
"status": "affected",
"version": "14.2(1)"
},
{
"status": "affected",
"version": "14.2(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR3"
},
{
"status": "affected",
"version": "14.2(1)SR2"
},
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "14.2(1)SR3"
},
{
"status": "affected",
"version": "3.1(1)SR1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20445",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T17:23:46.067108Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T22:00:02.234Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cisco Session Initiation Protocol (SIP) Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "12.1(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)"
},
{
"status": "affected",
"version": "10.3(2)"
},
{
"status": "affected",
"version": "10.2(2)"
},
{
"status": "affected",
"version": "10.3(1)"
},
{
"status": "affected",
"version": "10.3(1)SR4"
},
{
"status": "affected",
"version": "11.0(1)"
},
{
"status": "affected",
"version": "10.4(1)SR2 3rd Party"
},
{
"status": "affected",
"version": "11.7(1)"
},
{
"status": "affected",
"version": "12.1(1)"
},
{
"status": "affected",
"version": "11.0(0.7) MPP"
},
{
"status": "affected",
"version": "9.3(4) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR2"
},
{
"status": "affected",
"version": "10.2(1)SR1"
},
{
"status": "affected",
"version": "9.3(4)SR3 3rd Party"
},
{
"status": "affected",
"version": "10.2(1)"
},
{
"status": "affected",
"version": "12.5(1)"
},
{
"status": "affected",
"version": "10.3(1)SR2"
},
{
"status": "affected",
"version": "11-0-1MSR1-1"
},
{
"status": "affected",
"version": "10.4(1) 3rd Party"
},
{
"status": "affected",
"version": "12.5(1)SR1"
},
{
"status": "affected",
"version": "11.5(1)SR1"
},
{
"status": "affected",
"version": "10.1(1)SR2"
},
{
"status": "affected",
"version": "12.0(1)SR2"
},
{
"status": "affected",
"version": "12.6(1)"
},
{
"status": "affected",
"version": "10.3(1.11) 3rd Party"
},
{
"status": "affected",
"version": "12.0(1)"
},
{
"status": "affected",
"version": "12.0(1)SR1"
},
{
"status": "affected",
"version": "9.3(3)"
},
{
"status": "affected",
"version": "12.5(1)SR3"
},
{
"status": "affected",
"version": "10.3(1)SR4b"
},
{
"status": "affected",
"version": "9.3(4)SR1 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR5"
},
{
"status": "affected",
"version": "10.1(1.9)"
},
{
"status": "affected",
"version": "10.3(1.9) 3rd Party"
},
{
"status": "affected",
"version": "9.3(4)SR2 3rd Party"
},
{
"status": "affected",
"version": "10.3(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR3"
},
{
"status": "affected",
"version": "10.1(1)SR1"
},
{
"status": "affected",
"version": "12.0(1)SR3"
},
{
"status": "affected",
"version": "12.6(1)SR1"
},
{
"status": "affected",
"version": "12.7(1)"
},
{
"status": "affected",
"version": "10.3(1)SR6"
},
{
"status": "affected",
"version": "12.8(1)"
},
{
"status": "affected",
"version": "12.7(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR1"
},
{
"status": "affected",
"version": "12.8(1)SR2"
},
{
"status": "affected",
"version": "14.0(1)"
},
{
"status": "affected",
"version": "14.0(1)SR1"
},
{
"status": "affected",
"version": "10.3(1)SR7"
},
{
"status": "affected",
"version": "14.0(1)SR2"
},
{
"status": "affected",
"version": "14.1(1)"
},
{
"status": "affected",
"version": "14.0(1)SR3"
},
{
"status": "affected",
"version": "14.1(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR2"
},
{
"status": "affected",
"version": "14.2(1)"
},
{
"status": "affected",
"version": "14.2(1)SR1"
},
{
"status": "affected",
"version": "14.1(1)SR3"
},
{
"status": "affected",
"version": "14.2(1)SR2"
},
{
"status": "affected",
"version": "3.1(1)"
},
{
"status": "affected",
"version": "3.0(1)"
},
{
"status": "affected",
"version": "14.2(1)SR3"
},
{
"status": "affected",
"version": "3.1(1)SR1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.\r\nNote: Web Access is disabled by default."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T16:29:06.293Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-phone-infodisc-sbyqQVbG",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG"
}
],
"source": {
"advisory": "cisco-sa-phone-infodisc-sbyqQVbG",
"defects": [
"CSCwk25862"
],
"discovery": "EXTERNAL"
},
"title": "Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20445",
"datePublished": "2024-11-06T16:29:06.293Z",
"dateReserved": "2023-11-08T15:08:07.678Z",
"dateUpdated": "2024-11-06T22:00:02.234Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20376 (GCVE-0-2024-20376)
Vulnerability from nvd ā Published: 2024-05-01 16:43 ā Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
Severity ?
7.5 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco IP Phones with Multiplatform Firmware |
Affected:
11.3.1 MSR2-6
Affected: 11.3.1 MSR3-3 Affected: 11.3.2 Affected: 11.3.3 Affected: 11.3.1 MSR4-1 Affected: 11.3.4 Affected: 11.3.5 Affected: 11.3.3 MSR2 Affected: 11.3.3 MSR1 Affected: 11.3.6 Affected: 11-3-1MPPSR4UPG Affected: 11.3.7 Affected: 11-3-1MSR2UPG Affected: 11.3.6SR1 Affected: 11.3.7SR1 Affected: 11.3.7SR2 Affected: 11.0.0 Affected: 11.0.1 Affected: 11.0.1 MSR1-1 Affected: 11.0.2 Affected: 11.1.1 Affected: 11.1.1 MSR1-1 Affected: 11.1.1 MSR2-1 Affected: 11.1.2 Affected: 11.1.2 MSR1-1 Affected: 11.1.2 MSR3-1 Affected: 11.2.1 Affected: 11.2.2 Affected: 11.2.3 Affected: 11.2.3 MSR1-1 Affected: 11.2.4 Affected: 11.3.1 Affected: 11.3.1 MSR1-3 Affected: 4.5 Affected: 4.6 MSR1 Affected: 4.7.1 Affected: 4.8.1 Affected: 4.8.1 SR1 Affected: 5.0.1 Affected: 12.0.1 Affected: 12.0.2 Affected: 12.0.3 Affected: 12.0.3SR1 Affected: 12.0.4 Affected: 5.1.1 Affected: 5.1.2 Affected: 5.1(2)SR1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6871_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6821_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6851_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7821_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6861_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6825_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6841_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7811_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7841_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7861_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_8800_series_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "video_phone_8875_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20376",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T20:50:33.825806Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:47:10.312Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IP Phones with Multiplatform Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.3.1 MSR2-6"
},
{
"status": "affected",
"version": "11.3.1 MSR3-3"
},
{
"status": "affected",
"version": "11.3.2"
},
{
"status": "affected",
"version": "11.3.3"
},
{
"status": "affected",
"version": "11.3.1 MSR4-1"
},
{
"status": "affected",
"version": "11.3.4"
},
{
"status": "affected",
"version": "11.3.5"
},
{
"status": "affected",
"version": "11.3.3 MSR2"
},
{
"status": "affected",
"version": "11.3.3 MSR1"
},
{
"status": "affected",
"version": "11.3.6"
},
{
"status": "affected",
"version": "11-3-1MPPSR4UPG"
},
{
"status": "affected",
"version": "11.3.7"
},
{
"status": "affected",
"version": "11-3-1MSR2UPG"
},
{
"status": "affected",
"version": "11.3.6SR1"
},
{
"status": "affected",
"version": "11.3.7SR1"
},
{
"status": "affected",
"version": "11.3.7SR2"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.1 MSR1-1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.1.1"
},
{
"status": "affected",
"version": "11.1.1 MSR1-1"
},
{
"status": "affected",
"version": "11.1.1 MSR2-1"
},
{
"status": "affected",
"version": "11.1.2"
},
{
"status": "affected",
"version": "11.1.2 MSR1-1"
},
{
"status": "affected",
"version": "11.1.2 MSR3-1"
},
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "11.2.2"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.3 MSR1-1"
},
{
"status": "affected",
"version": "11.2.4"
},
{
"status": "affected",
"version": "11.3.1"
},
{
"status": "affected",
"version": "11.3.1 MSR1-3"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6 MSR1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.1 SR1"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.3"
},
{
"status": "affected",
"version": "12.0.3SR1"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.1(2)SR1"
}
]
},
{
"product": "Cisco PhoneOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T16:43:15.553Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"source": {
"advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"defects": [
"CSCwi64103",
"CSCwi64077"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20376",
"datePublished": "2024-05-01T16:43:15.553Z",
"dateReserved": "2023-11-08T15:08:07.655Z",
"dateUpdated": "2024-08-01T21:59:42.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20357 (GCVE-0-2024-20357)
Vulnerability from nvd ā Published: 2024-05-01 16:36 ā Updated: 2024-08-01 21:59
VLAI?
Summary
A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device.
This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.
Severity ?
5.9 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco IP Phones with Multiplatform Firmware |
Affected:
11.3.1 MSR2-6
Affected: 11.3.1 MSR3-3 Affected: 11.3.2 Affected: 11.3.3 Affected: 11.3.1 MSR4-1 Affected: 11.3.4 Affected: 11.3.5 Affected: 11.3.3 MSR2 Affected: 11.3.3 MSR1 Affected: 11.3.6 Affected: 11-3-1MPPSR4UPG Affected: 11.3.7 Affected: 11-3-1MSR2UPG Affected: 11.3.6SR1 Affected: 11.3.7SR1 Affected: 11.3.7SR2 Affected: 11.0.0 Affected: 11.0.1 Affected: 11.0.1 MSR1-1 Affected: 11.0.2 Affected: 11.1.1 Affected: 11.1.1 MSR1-1 Affected: 11.1.1 MSR2-1 Affected: 11.1.2 Affected: 11.1.2 MSR1-1 Affected: 11.1.2 MSR3-1 Affected: 11.2.1 Affected: 11.2.2 Affected: 11.2.3 Affected: 11.2.3 MSR1-1 Affected: 11.2.4 Affected: 11.3.1 Affected: 11.3.1 MSR1-3 Affected: 4.5 Affected: 4.6 MSR1 Affected: 4.7.1 Affected: 4.8.1 Affected: 4.8.1 SR1 Affected: 5.0.1 Affected: 12.0.1 Affected: 12.0.2 Affected: 12.0.3 Affected: 12.0.3SR1 Affected: 12.0.4 Affected: 5.1.1 Affected: 5.1.2 Affected: 5.1(2)SR1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6871_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6821_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6851_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7821_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6861_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6825_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6841_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7811_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7841_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7861_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_8800_series_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "video_phone_8875_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20357",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T20:55:26.843678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:45:13.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.103Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IP Phones with Multiplatform Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.3.1 MSR2-6"
},
{
"status": "affected",
"version": "11.3.1 MSR3-3"
},
{
"status": "affected",
"version": "11.3.2"
},
{
"status": "affected",
"version": "11.3.3"
},
{
"status": "affected",
"version": "11.3.1 MSR4-1"
},
{
"status": "affected",
"version": "11.3.4"
},
{
"status": "affected",
"version": "11.3.5"
},
{
"status": "affected",
"version": "11.3.3 MSR2"
},
{
"status": "affected",
"version": "11.3.3 MSR1"
},
{
"status": "affected",
"version": "11.3.6"
},
{
"status": "affected",
"version": "11-3-1MPPSR4UPG"
},
{
"status": "affected",
"version": "11.3.7"
},
{
"status": "affected",
"version": "11-3-1MSR2UPG"
},
{
"status": "affected",
"version": "11.3.6SR1"
},
{
"status": "affected",
"version": "11.3.7SR1"
},
{
"status": "affected",
"version": "11.3.7SR2"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.1 MSR1-1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.1.1"
},
{
"status": "affected",
"version": "11.1.1 MSR1-1"
},
{
"status": "affected",
"version": "11.1.1 MSR2-1"
},
{
"status": "affected",
"version": "11.1.2"
},
{
"status": "affected",
"version": "11.1.2 MSR1-1"
},
{
"status": "affected",
"version": "11.1.2 MSR3-1"
},
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "11.2.2"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.3 MSR1-1"
},
{
"status": "affected",
"version": "11.2.4"
},
{
"status": "affected",
"version": "11.3.1"
},
{
"status": "affected",
"version": "11.3.1 MSR1-3"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6 MSR1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.1 SR1"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.3"
},
{
"status": "affected",
"version": "12.0.3SR1"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.1(2)SR1"
}
]
},
{
"product": "Cisco PhoneOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. \r\n\r This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "Out-of-bounds Write",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T16:36:53.907Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"source": {
"advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"defects": [
"CSCwi64082",
"CSCwi64064"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20357",
"datePublished": "2024-05-01T16:36:53.907Z",
"dateReserved": "2023-11-08T15:08:07.649Z",
"dateUpdated": "2024-08-01T21:59:42.103Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-20221 (GCVE-0-2023-20221)
Vulnerability from nvd ā Published: 2023-08-16 21:01 ā Updated: 2024-08-02 09:05
VLAI?
Summary
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system.
This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition.
Severity ?
6.5 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco IP Phones with Multiplatform Firmware |
Affected:
11.3.1 MSR2-6
Affected: 11.3.1 MSR3-3 Affected: 11.3.2 Affected: 11.3.3 Affected: 11.3.4 Affected: 11.3.5 Affected: 11.3.3 MSR1 Affected: 11.3.6 Affected: 11-3-1MPPSR4UPG Affected: 11.3.7 Affected: 11-3-1MSR2UPG Affected: 11.3.6SR1 Affected: 11.3.7SR1 Affected: 11.3.7SR2 Affected: 11.0.0 Affected: 11.0.1 Affected: 11.0.1 MSR1-1 Affected: 11.0.2 Affected: 11.1.1 Affected: 11.1.1 MSR1-1 Affected: 11.1.1 MSR2-1 Affected: 11.1.2 Affected: 11.1.2 MSR1-1 Affected: 11.1.2 MSR3-1 Affected: 11.2.1 Affected: 11.2.2 Affected: 11.2.3 Affected: 11.2.3 MSR1-1 Affected: 11.2.4 Affected: 11.3.1 Affected: 11.3.1 MSR1-3 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ipphone-csrf-HOCmXW2c",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IP Phones with Multiplatform Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.3.1 MSR2-6"
},
{
"status": "affected",
"version": "11.3.1 MSR3-3"
},
{
"status": "affected",
"version": "11.3.2"
},
{
"status": "affected",
"version": "11.3.3"
},
{
"status": "affected",
"version": "11.3.4"
},
{
"status": "affected",
"version": "11.3.5"
},
{
"status": "affected",
"version": "11.3.3 MSR1"
},
{
"status": "affected",
"version": "11.3.6"
},
{
"status": "affected",
"version": "11-3-1MPPSR4UPG"
},
{
"status": "affected",
"version": "11.3.7"
},
{
"status": "affected",
"version": "11-3-1MSR2UPG"
},
{
"status": "affected",
"version": "11.3.6SR1"
},
{
"status": "affected",
"version": "11.3.7SR1"
},
{
"status": "affected",
"version": "11.3.7SR2"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.1 MSR1-1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.1.1"
},
{
"status": "affected",
"version": "11.1.1 MSR1-1"
},
{
"status": "affected",
"version": "11.1.1 MSR2-1"
},
{
"status": "affected",
"version": "11.1.2"
},
{
"status": "affected",
"version": "11.1.2 MSR1-1"
},
{
"status": "affected",
"version": "11.1.2 MSR3-1"
},
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "11.2.2"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.3 MSR1-1"
},
{
"status": "affected",
"version": "11.2.4"
},
{
"status": "affected",
"version": "11.3.1"
},
{
"status": "affected",
"version": "11.3.1 MSR1-3"
}
]
},
{
"product": "Cisco PhoneOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:23.679Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ipphone-csrf-HOCmXW2c",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c"
}
],
"source": {
"advisory": "cisco-sa-ipphone-csrf-HOCmXW2c",
"defects": [
"CSCwc78409",
"CSCwc81103",
"CSCwc78412"
],
"discovery": "INTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20221",
"datePublished": "2023-08-16T21:01:05.872Z",
"dateReserved": "2022-10-27T18:47:50.368Z",
"dateUpdated": "2024-08-02T09:05:35.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}