Skip to main content

Unified Ip Phones 9900 Series Firmware

8 CVEs product

Monthly

CVE-2015-4226 HIGH This Week

The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Unified Ip Phones 9900 Series Firmware
NVD
CVSS 2.0
7.1
EPSS
0.7%
CVE-2015-0602 MEDIUM This Month

The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Ip Phones 9900 Series Firmware
NVD
CVSS 2.0
5.0
EPSS
0.3%
CVE-2015-0600 MEDIUM This Month

The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Ip Phones 9900 Series Firmware
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-0603 MEDIUM This Month

Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Denial Of Service Unified Ip Phones 9900 Series Firmware
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2014-0658 MEDIUM This Month

Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Unified Ip Phones 9900 Series Firmware Unified Ip Phone 9951 Unified Ip Phone 9971
NVD
CVSS 2.0
5.4
EPSS
1.7%
CVE-2013-5533 MEDIUM This Month

The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334. Rated medium severity (CVSS 6.0). No vendor patch available.

Information Disclosure Cisco Unified Ip Phones 9900 Series Firmware Unified Ip Phone 9951 Unified Ip Phone 9971
NVD
CVSS 2.0
6.0
EPSS
0.3%
CVE-2013-5532 MEDIUM This Month

Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco Unified Ip Phones 9900 Series Firmware Unified Ip Phone 9951 +1
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2013-3426 MEDIUM This Month

The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Unified Ip Phones 9900 Series Firmware Unified Ip Phone 9951 Unified Ip Phone 9971
NVD
CVSS 2.0
5.0
EPSS
0.4%
EPSS 1% CVSS 7.1
HIGH This Week

The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Cisco Denial Of Service Unified Ip Phones 9900 Series Firmware
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Unified Ip Phones 9900 Series Firmware
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Denial Of Service Unified Ip Phones 9900 Series Firmware
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Cisco Privilege Escalation Denial Of Service +1
NVD
EPSS 2% CVSS 5.4
MEDIUM This Month

Cisco 9900 Unified IP phones allow remote attackers to cause a denial of service (unregistration) via a crafted SIP header, aka Bug ID CSCul24898. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Cisco Unified Ip Phones 9900 Series Firmware +2
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

The image-upgrade functionality on Cisco 9900 Unified IP phones allows local users to gain privileges by placing shell commands in an unspecified parameter, aka Bug ID CSCuh10334. Rated medium severity (CVSS 6.0). No vendor patch available.

Information Disclosure Cisco Unified Ip Phones 9900 Series Firmware +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Buffer overflow in the web-application interface on Cisco 9900 IP phones allows remote attackers to cause a denial of service (webapp interface outage) via long values in unspecified fields, aka Bug. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Cisco +3
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Unified Ip Phones 9900 Series Firmware +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy