Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Cisco IP Phones

Source -

CNACISA

CNA CVEs -

1

ADP CVEs -

0

CISA CVEs -

1

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
2Vulnerabilities found
CVE-2020-3161
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-9.8||CRITICAL
EPSS-80.83% / 99.11%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 20:10
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.
Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_8811ip_phone_7841_firmwareip_phone_8811_firmware8831_firmwareip_phone_7821ip_phone_8861_firmwareip_phone_8845ip_phone_7841ip_phone_7861ip_phone_8821-ex_firmwareip_phone_8841ip_phone_8821_firmwareip_phone_7821_firmwareip_phone_7811_firmwareip_phone_78118831ip_phone_8841_firmwareip_phone_8851_firmwareip_phone_8861ip_phone_8865ip_phone_8821-exip_phone_8845_firmwareip_phone_8851ip_phone_7861_firmwareip_phone_8821ip_phone_8865_firmwareCisco IP phoneCisco IP Phones
CWE ID-CWE-20
Improper Input Validation
CVE-2016-1421
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-4.73% / 88.97%
||
7 Day CHG~0.00%
Published-10 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phoneip_phone_8800_series_firmwareCisco IP Phones
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer