All the vulnerabilites related to cisco - ip_phone_8800_series_firmware
cve-2017-6630
Vulnerability from cvelistv5
Published
2017-05-22 01:00
Modified
2024-08-05 15:33
Severity ?
Summary
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795.
References
http://www.securitytracker.com/id/1038511vdb-entry, x_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sipx_refsource_CONFIRM
http://www.securityfocus.com/bid/98533vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:33:20.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038511",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038511"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip"
          },
          {
            "name": "98533",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98533"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Phone 8851",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco IP Phone 8851"
            }
          ]
        }
      ],
      "datePublic": "2017-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "CWE-399",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-07T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1038511",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038511"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip"
        },
        {
          "name": "98533",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98533"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-6630",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IP Phone 8851",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco IP Phone 8851"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038511",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038511"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip"
            },
            {
              "name": "98533",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98533"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-6630",
    "datePublished": "2017-05-22T01:00:00",
    "dateReserved": "2017-03-09T00:00:00",
    "dateUpdated": "2024-08-05T15:33:20.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-1479
Vulnerability from cvelistv5
Published
2016-08-22 10:00
Modified
2024-08-05 22:55
Severity ?
Summary
Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038.
References
http://www.securitytracker.com/id/1036646vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/92515vdb-entry, x_refsource_BID
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ippvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.511Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036646",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036646"
          },
          {
            "name": "92515",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92515"
          },
          {
            "name": "20160817 Cisco IP Phone 8800 Series Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-15T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036646",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036646"
        },
        {
          "name": "92515",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92515"
        },
        {
          "name": "20160817 Cisco IP Phone 8800 Series Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1479",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036646",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036646"
            },
            {
              "name": "92515",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92515"
            },
            {
              "name": "20160817 Cisco IP Phone 8800 Series Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1479",
    "datePublished": "2016-08-22T10:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.511Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-1435
Vulnerability from cvelistv5
Published
2016-06-23 00:00
Modified
2024-08-05 22:55
Severity ?
Summary
Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.
References
http://www.securitytracker.com/id/1036138vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ippvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.655Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1036138",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036138"
          },
          {
            "name": "20160620 Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-28T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1036138",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036138"
        },
        {
          "name": "20160620 Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1435",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1036138",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036138"
            },
            {
              "name": "20160620 Cisco 8800 Series IP Phone Filesystem Permission Enforcement Unauthorized Access Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1435",
    "datePublished": "2016-06-23T00:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.655Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-1421
Vulnerability from cvelistv5
Published
2016-06-10 01:00
Modified
2024-08-05 22:55
Severity ?
Summary
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ippvendor-advisory, x_refsource_CISCO
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ippvendor-advisory, x_refsource_CISCO
https://www.tenable.com/security/research/tra-2020-24x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.385Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160609 Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
          },
          {
            "name": "20160609 Cisco IP Phones Web Application Buffer Overflow Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/research/tra-2020-24"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Phones",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.7(1)"
            }
          ]
        }
      ],
      "datePublic": "2016-06-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-119",
              "description": "CWE-119",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-16T16:27:48",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20160609 Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
        },
        {
          "name": "20160609 Cisco IP Phones Web Application Buffer Overflow Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.tenable.com/security/research/tra-2020-24"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1421",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IP Phones",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "11.7(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160609 Cisco IP Phone 8800 Series Web Application Buffer Overflow Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
            },
            {
              "name": "20160609 Cisco IP Phones Web Application Buffer Overflow Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
            },
            {
              "name": "https://www.tenable.com/security/research/tra-2020-24",
              "refsource": "MISC",
              "url": "https://www.tenable.com/security/research/tra-2020-24"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1421",
    "datePublished": "2016-06-10T01:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.385Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-1434
Vulnerability from cvelistv5
Published
2016-06-23 00:00
Modified
2024-08-05 22:55
Severity ?
Summary
The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phonevendor-advisory, x_refsource_CISCO
http://www.securitytracker.com/id/1036139vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160620 Cisco 8800 Series IP Phone Directory Traversal Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phone"
          },
          {
            "name": "1036139",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036139"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-28T20:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20160620 Cisco 8800 Series IP Phone Directory Traversal Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phone"
        },
        {
          "name": "1036139",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036139"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1434",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160620 Cisco 8800 Series IP Phone Directory Traversal Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phone"
            },
            {
              "name": "1036139",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036139"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1434",
    "datePublished": "2016-06-23T00:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-1403
Vulnerability from cvelistv5
Published
2016-06-04 14:00
Modified
2024-08-05 22:55
Severity ?
Summary
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ippvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.282Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160603 Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-06-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-06-04T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20160603 Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1403",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160603 Cisco IP 8800 Series Phones btcli Utility Command Injection Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1403",
    "datePublished": "2016-06-04T14:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-1476
Vulnerability from cvelistv5
Published
2016-08-22 10:00
Modified
2024-08-05 22:55
Severity ?
Summary
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800vendor-advisory, x_refsource_CISCO
http://www.securityfocus.com/bid/92404vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1036595vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:55:14.466Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20160810 Cisco IP Phone 8800 Series Cross-Site Scripting Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800"
          },
          {
            "name": "92404",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/92404"
          },
          {
            "name": "1036595",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1036595"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-08-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-15T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20160810 Cisco IP Phone 8800 Series Cross-Site Scripting Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800"
        },
        {
          "name": "92404",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/92404"
        },
        {
          "name": "1036595",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1036595"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2016-1476",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20160810 Cisco IP Phone 8800 Series Cross-Site Scripting Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800"
            },
            {
              "name": "92404",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/92404"
            },
            {
              "name": "1036595",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1036595"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2016-1476",
    "datePublished": "2016-08-22T10:00:00",
    "dateReserved": "2016-01-04T00:00:00",
    "dateUpdated": "2024-08-05T22:55:14.466Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0461
Vulnerability from cvelistv5
Published
2019-01-10 16:00
Modified
2024-11-19 19:19
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.
References
http://www.securityfocus.com/bid/106515vdb-entry, x_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injectionvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:10.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106515",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106515"
          },
          {
            "name": "20190109 Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0461",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-19T17:25:47.192182Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-19T19:19:17.507Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Phone 8800 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-11T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "106515",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106515"
        },
        {
          "name": "20190109 Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20190109-phone-script-injection",
        "defect": [
          [
            "CSCvm95999"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2019-01-09T16:00:00-0800",
          "ID": "CVE-2018-0461",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IP Phone 8800 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "6.5",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106515",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106515"
            },
            {
              "name": "20190109 Cisco IP Phone 8800 Series Arbitrary Script Injection Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20190109-phone-script-injection",
          "defect": [
            [
              "CSCvm95999"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0461",
    "datePublished": "2019-01-10T16:00:00Z",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-19T19:19:17.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2015-6360
Vulnerability from cvelistv5
Published
2016-04-21 10:00
Modified
2024-08-06 07:22
Severity ?
Summary
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
References
http://www.securitytracker.com/id/1035650vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1035649vdb-entry, x_refsource_SECTRACK
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtpvendor-advisory, x_refsource_CISCO
http://www.debian.org/security/2016/dsa-3539vendor-advisory, x_refsource_DEBIAN
http://www.securitytracker.com/id/1035651vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1035636vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1035648vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1035652vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1035637vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:22:21.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1035650",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035650"
          },
          {
            "name": "1035649",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035649"
          },
          {
            "name": "20160420 Multiple Cisco Products libSRTP Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp"
          },
          {
            "name": "DSA-3539",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3539"
          },
          {
            "name": "1035651",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035651"
          },
          {
            "name": "1035636",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035636"
          },
          {
            "name": "1035648",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035648"
          },
          {
            "name": "1035652",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035652"
          },
          {
            "name": "1035637",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035637"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-04-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-03T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1035650",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035650"
        },
        {
          "name": "1035649",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035649"
        },
        {
          "name": "20160420 Multiple Cisco Products libSRTP Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp"
        },
        {
          "name": "DSA-3539",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3539"
        },
        {
          "name": "1035651",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035651"
        },
        {
          "name": "1035636",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035636"
        },
        {
          "name": "1035648",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035648"
        },
        {
          "name": "1035652",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035652"
        },
        {
          "name": "1035637",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035637"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6360",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1035650",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035650"
            },
            {
              "name": "1035649",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035649"
            },
            {
              "name": "20160420 Multiple Cisco Products libSRTP Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp"
            },
            {
              "name": "DSA-3539",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3539"
            },
            {
              "name": "1035651",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035651"
            },
            {
              "name": "1035636",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035636"
            },
            {
              "name": "1035648",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035648"
            },
            {
              "name": "1035652",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035652"
            },
            {
              "name": "1035637",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035637"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6360",
    "datePublished": "2016-04-21T10:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:22:21.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-12328
Vulnerability from cvelistv5
Published
2017-11-30 09:00
Modified
2024-08-05 18:36
Severity ?
Summary
A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590.
References
http://www.securitytracker.com/id/1039922vdb-entry, x_refsource_SECTRACK
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ippx_refsource_CONFIRM
http://www.securityfocus.com/bid/102003vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:36:56.243Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039922",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039922"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp"
          },
          {
            "name": "102003",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102003"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Phone 8800 Series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco IP Phone 8800 Series"
            }
          ]
        }
      ],
      "datePublic": "2017-11-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-02T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1039922",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039922"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp"
        },
        {
          "name": "102003",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102003"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12328",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IP Phone 8800 Series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco IP Phone 8800 Series"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039922",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039922"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp"
            },
            {
              "name": "102003",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102003"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12328",
    "datePublished": "2017-11-30T09:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:36:56.243Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-12305
Vulnerability from cvelistv5
Published
2017-11-16 07:00
Modified
2024-08-05 18:36
Severity ?
Summary
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034.
References
http://www.securitytracker.com/id/1039829vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/101869vdb-entry, x_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ippx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T18:36:54.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1039829",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039829"
          },
          {
            "name": "101869",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101869"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Phone 8800 Series",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco IP Phone 8800 Series"
            }
          ]
        }
      ],
      "datePublic": "2017-11-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "CWE-77",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-18T10:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1039829",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039829"
        },
        {
          "name": "101869",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101869"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2017-12305",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IP Phone 8800 Series",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco IP Phone 8800 Series"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-77"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1039829",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039829"
            },
            {
              "name": "101869",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101869"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2017-12305",
    "datePublished": "2017-11-16T07:00:00",
    "dateReserved": "2017-08-03T00:00:00",
    "dateUpdated": "2024-08-05T18:36:54.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2016-06-04 14:59
Modified
2024-11-21 02:46
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ippVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ippVendor Advisory
Impacted products
Vendor Product Version
cisco ip_phone_8800_series_firmware 10.2\(1\)
cisco ip_phone_8800_series_firmware 10.2\(2\)
cisco ip_phone_8800_series_firmware 10.3
cisco ip_phone_8800_series_firmware 10.3\(2\)
cisco ip_phone_8800_series_firmware 11.0\(1\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C6B61C89-25CD-40A5-B27D-5DC9FCB49885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0071D010-06B7-49BC-A2A7-11CE1383B113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DAAB5A-70C6-4FEE-B6D4-91919B3A0CB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.3\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "05ED7BA0-6B55-4A04-BBAF-102B99248302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "49CF653C-B5F5-427B-9FE9-D34D7B92AA13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005."
    },
    {
      "lang": "es",
      "value": "Tel\u00e9fonos CISCO IP 8800 con software 11.0.1 y versiones anteriores permite a usuarios locales obtener privilegios para para la ejecuci\u00f3n de comandos SO a trav\u00e9s de comandos CLI manipulados, tambi\u00e9n conocida como Bug ID CSCuz03005."
    }
  ],
  "id": "CVE-2016-1403",
  "lastModified": "2024-11-21T02:46:22.660",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-04T14:59:01.407",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160603-ipp"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-04-21 10:59
Modified
2024-11-21 02:34
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtpVendor Advisory
ykramarz@cisco.comhttp://www.debian.org/security/2016/dsa-3539
ykramarz@cisco.comhttp://www.securitytracker.com/id/1035636
ykramarz@cisco.comhttp://www.securitytracker.com/id/1035637
ykramarz@cisco.comhttp://www.securitytracker.com/id/1035648
ykramarz@cisco.comhttp://www.securitytracker.com/id/1035649
ykramarz@cisco.comhttp://www.securitytracker.com/id/1035650
ykramarz@cisco.comhttp://www.securitytracker.com/id/1035651
ykramarz@cisco.comhttp://www.securitytracker.com/id/1035652
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3539
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035636
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035637
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035648
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035649
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035650
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035651
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035652
Impacted products
Vendor Product Version
cisco ios_xe 3.10s_3.10.0s
cisco ios_xe 3.10s_3.10.1s
cisco ios_xe 3.10s_3.10.1xbs
cisco ios_xe 3.10s_3.10.2s
cisco ios_xe 3.10s_3.10.2ts
cisco ios_xe 3.10s_3.10.4s
cisco ios_xe 3.10s_3.10.5s
cisco ios_xe 3.10s_3.10.6s
cisco ios_xe 3.10s_3.10.7s
cisco ios_xe 3.11s_3.11.0s
cisco ios_xe 3.11s_3.11.1s
cisco ios_xe 3.11s_3.11.2s
cisco ios_xe 3.11s_3.11.3s
cisco ios_xe 3.11s_3.11.4s
cisco ios_xe 3.13s_3.13.0s
cisco ios_xe 3.13s_3.13.1s
cisco ios_xe 3.13s_3.13.4s
cisco ios_xe 3.14s_3.14.0s
cisco ios_xe 3.15s_3.15.1s
cisco ios_xe 3.15s_3.15.2s
cisco webex_meeting_center base
cisco dx_series_ip_phones_firmware 9.3\(2\)
cisco ip_phone_7800_series_firmware 10.3\(1\)
cisco ip_phone_8800_series_firmware 10.3\(2\)
cisco ip_phone_8800_series_firmware 11.0\(1\)
cisco unified_ip_phone_6900_series_firmware 9.3\(2\)
cisco unified_ip_phone_7900_series_firmware 9.9\(9.99001.1\)
cisco unified_ip_phone_7900_series_firmware 9.9_base
cisco unified_ip_phone_8900_series_firmware 9.0\(1\)sr1
cisco unified_ip_phone_8900_series_firmware 9.0\(3\)
cisco unified_ip_phone_8900_series_firmware 9.0\(4\)
cisco unified_ip_phone_8900_series_firmware 9.1\(1\)sr1
cisco unified_ip_phone_8900_series_firmware 9.1\(2\)
cisco unified_ip_phone_8900_series_firmware 9.2\(1\)
cisco unified_ip_phone_8900_series_firmware 9.2\(2\)
cisco unified_ip_phone_8900_series_firmware 9.2\(2\)sr1
cisco unified_ip_phone_8900_series_firmware 9.2\(3\)
cisco unified_ip_phone_8900_series_firmware 9.2\(4\)
cisco unified_ip_phone_8900_series_firmware 9.3\(1\)
cisco unified_ip_phone_8900_series_firmware 9.3\(2\)
cisco unified_ip_phone_8900_series_firmware 9.3\(2\)sr1
cisco unified_ip_phone_8900_series_firmware 9.3\(4\)
cisco unified_ip_phone_8900_series_firmware 9.4\(1\)
cisco unified_ip_phone_8900_series_firmware 9.4\(1\)sr1
cisco unified_ip_phone_8900_series_firmware 9.4\(2\)
cisco unified_wireless_ip_phone_7920_firmware 1.0\(5\)
cisco unified_wireless_ip_phone_7920_firmware 1.0\(6\)
cisco unified_wireless_ip_phone_7920_firmware 1.0\(7\)
cisco unified_wireless_ip_phone_7920_firmware 1.0\(8\)
cisco unified_wireless_ip_phone_7920_firmware 1.0\(9\)
cisco unified_wireless_ip_phone_7920_firmware 1.0_base
cisco unified_wireless_ip_phone_7920_firmware 2.0_base
cisco adaptive_security_appliance_software 8.1.0.104
cisco adaptive_security_appliance_software 8.2.0.45
cisco adaptive_security_appliance_software 8.2.1
cisco adaptive_security_appliance_software 8.2.1.11
cisco adaptive_security_appliance_software 8.2.2
cisco adaptive_security_appliance_software 8.2.2.9
cisco adaptive_security_appliance_software 8.2.2.10
cisco adaptive_security_appliance_software 8.2.2.12
cisco adaptive_security_appliance_software 8.2.2.16
cisco adaptive_security_appliance_software 8.2.2.17
cisco adaptive_security_appliance_software 8.2.3
cisco adaptive_security_appliance_software 8.2.4
cisco adaptive_security_appliance_software 8.2.4.1
cisco adaptive_security_appliance_software 8.2.4.4
cisco adaptive_security_appliance_software 8.2.5
cisco adaptive_security_appliance_software 8.2.5.13
cisco adaptive_security_appliance_software 8.2.5.22
cisco adaptive_security_appliance_software 8.2.5.26
cisco adaptive_security_appliance_software 8.2.5.33
cisco adaptive_security_appliance_software 8.2.5.40
cisco adaptive_security_appliance_software 8.2.5.41
cisco adaptive_security_appliance_software 8.2.5.46
cisco adaptive_security_appliance_software 8.2.5.48
cisco adaptive_security_appliance_software 8.2.5.50
cisco adaptive_security_appliance_software 8.2.5.52
cisco adaptive_security_appliance_software 8.2.5.55
cisco adaptive_security_appliance_software 8.2.5.57
cisco adaptive_security_appliance_software 8.3.1
cisco adaptive_security_appliance_software 8.3.1.1
cisco adaptive_security_appliance_software 8.3.1.4
cisco adaptive_security_appliance_software 8.3.1.6
cisco adaptive_security_appliance_software 8.3.2
cisco adaptive_security_appliance_software 8.3.2.4
cisco adaptive_security_appliance_software 8.3.2.13
cisco adaptive_security_appliance_software 8.3.2.23
cisco adaptive_security_appliance_software 8.3.2.25
cisco adaptive_security_appliance_software 8.3.2.31
cisco adaptive_security_appliance_software 8.3.2.33
cisco adaptive_security_appliance_software 8.3.2.34
cisco adaptive_security_appliance_software 8.3.2.37
cisco adaptive_security_appliance_software 8.3.2.39
cisco adaptive_security_appliance_software 8.3.2.40
cisco adaptive_security_appliance_software 8.3.2.41
cisco adaptive_security_appliance_software 8.3.2.44
cisco adaptive_security_appliance_software 8.4.0
cisco adaptive_security_appliance_software 8.4.1
cisco adaptive_security_appliance_software 8.4.1.3
cisco adaptive_security_appliance_software 8.4.1.11
cisco adaptive_security_appliance_software 8.4.2
cisco adaptive_security_appliance_software 8.4.2.1
cisco adaptive_security_appliance_software 8.4.2.8
cisco adaptive_security_appliance_software 8.4.3
cisco adaptive_security_appliance_software 8.4.3.8
cisco adaptive_security_appliance_software 8.4.3.9
cisco adaptive_security_appliance_software 8.4.4
cisco adaptive_security_appliance_software 8.4.4.1
cisco adaptive_security_appliance_software 8.4.4.3
cisco adaptive_security_appliance_software 8.4.4.5
cisco adaptive_security_appliance_software 8.4.4.9
cisco adaptive_security_appliance_software 8.4.5
cisco adaptive_security_appliance_software 8.4.5.6
cisco adaptive_security_appliance_software 8.4.6
cisco adaptive_security_appliance_software 8.4.7
cisco adaptive_security_appliance_software 8.4.7.3
cisco adaptive_security_appliance_software 8.4.7.15
cisco adaptive_security_appliance_software 8.4.7.22
cisco adaptive_security_appliance_software 8.4.7.23
cisco adaptive_security_appliance_software 8.4.7.26
cisco adaptive_security_appliance_software 8.4.7.28
cisco adaptive_security_appliance_software 8.4.7.29
cisco adaptive_security_appliance_software 8.5.1
cisco adaptive_security_appliance_software 8.5.1.1
cisco adaptive_security_appliance_software 8.5.1.6
cisco adaptive_security_appliance_software 8.5.1.7
cisco adaptive_security_appliance_software 8.5.1.14
cisco adaptive_security_appliance_software 8.5.1.17
cisco adaptive_security_appliance_software 8.5.1.18
cisco adaptive_security_appliance_software 8.5.1.19
cisco adaptive_security_appliance_software 8.5.1.21
cisco adaptive_security_appliance_software 8.5.1.24
cisco adaptive_security_appliance_software 8.6.1
cisco adaptive_security_appliance_software 8.6.1.1
cisco adaptive_security_appliance_software 8.6.1.2
cisco adaptive_security_appliance_software 8.6.1.5
cisco adaptive_security_appliance_software 8.6.1.10
cisco adaptive_security_appliance_software 8.6.1.12
cisco adaptive_security_appliance_software 8.6.1.13
cisco adaptive_security_appliance_software 8.6.1.14
cisco adaptive_security_appliance_software 8.6.1.17
cisco adaptive_security_appliance_software 8.7.1
cisco adaptive_security_appliance_software 8.7.1.1
cisco adaptive_security_appliance_software 8.7.1.3
cisco adaptive_security_appliance_software 8.7.1.4
cisco adaptive_security_appliance_software 8.7.1.7
cisco adaptive_security_appliance_software 8.7.1.8
cisco adaptive_security_appliance_software 8.7.1.11
cisco adaptive_security_appliance_software 8.7.1.13
cisco adaptive_security_appliance_software 8.7.1.16
cisco adaptive_security_appliance_software 8.7.1.17
cisco adaptive_security_appliance_software 9.0.1
cisco adaptive_security_appliance_software 9.0.2
cisco adaptive_security_appliance_software 9.0.2.10
cisco adaptive_security_appliance_software 9.0.3
cisco adaptive_security_appliance_software 9.0.3.6
cisco adaptive_security_appliance_software 9.0.3.8
cisco adaptive_security_appliance_software 9.0.4
cisco adaptive_security_appliance_software 9.0.4.1
cisco adaptive_security_appliance_software 9.0.4.5
cisco adaptive_security_appliance_software 9.0.4.7
cisco adaptive_security_appliance_software 9.0.4.17
cisco adaptive_security_appliance_software 9.0.4.20
cisco adaptive_security_appliance_software 9.0.4.24
cisco adaptive_security_appliance_software 9.0.4.26
cisco adaptive_security_appliance_software 9.0.4.29
cisco adaptive_security_appliance_software 9.0.4.33
cisco adaptive_security_appliance_software 9.0.4.35
cisco adaptive_security_appliance_software 9.0.4.37
cisco adaptive_security_appliance_software 9.1.1
cisco adaptive_security_appliance_software 9.1.1.4
cisco adaptive_security_appliance_software 9.1.2
cisco adaptive_security_appliance_software 9.1.2.8
cisco adaptive_security_appliance_software 9.1.3
cisco adaptive_security_appliance_software 9.1.3.2
cisco adaptive_security_appliance_software 9.1.4
cisco adaptive_security_appliance_software 9.1.4.5
cisco adaptive_security_appliance_software 9.1.5
cisco adaptive_security_appliance_software 9.1.5.10
cisco adaptive_security_appliance_software 9.1.5.12
cisco adaptive_security_appliance_software 9.1.5.15
cisco adaptive_security_appliance_software 9.1.5.21
cisco adaptive_security_appliance_software 9.1.6
cisco adaptive_security_appliance_software 9.1.6.1
cisco adaptive_security_appliance_software 9.1.6.4
cisco adaptive_security_appliance_software 9.1.6.6
cisco adaptive_security_appliance_software 9.1.6.8
cisco adaptive_security_appliance_software 9.1.6.10
cisco adaptive_security_appliance_software 9.2\(0.0\)
cisco adaptive_security_appliance_software 9.2\(0.104\)
cisco adaptive_security_appliance_software 9.2\(3.1\)
cisco adaptive_security_appliance_software 9.2.1
cisco adaptive_security_appliance_software 9.2.2
cisco adaptive_security_appliance_software 9.2.2.4
cisco adaptive_security_appliance_software 9.2.2.7
cisco adaptive_security_appliance_software 9.2.2.8
cisco adaptive_security_appliance_software 9.2.3
cisco adaptive_security_appliance_software 9.2.3.3
cisco adaptive_security_appliance_software 9.2.3.4
cisco adaptive_security_appliance_software 9.2.4
cisco adaptive_security_appliance_software 9.3\(1.50\)
cisco adaptive_security_appliance_software 9.3\(1.105\)
cisco adaptive_security_appliance_software 9.3\(2.100\)
cisco adaptive_security_appliance_software 9.3\(2.243\)
cisco adaptive_security_appliance_software 9.3.1
cisco adaptive_security_appliance_software 9.3.1.1
cisco adaptive_security_appliance_software 9.3.2
cisco adaptive_security_appliance_software 9.3.2.2
cisco adaptive_security_appliance_software 9.3.3
cisco adaptive_security_appliance_software 9.3.3.1
cisco adaptive_security_appliance_software 9.3.3.2
cisco adaptive_security_appliance_software 9.3.3.5
cisco adaptive_security_appliance_software 9.3.5
cisco unity_connection 1.1\(1\)
cisco unity_connection 1.2_base
cisco unity_connection 2.0\(1\)
cisco unity_connection 2.0_base
cisco unity_connection 2.1_base
cisco unity_connection 7.0_base
cisco unity_connection 7.1\(1\)
cisco unity_connection 7.1\(2\)
cisco unity_connection 7.1\(2a\)
cisco unity_connection 7.1\(2a\)su1
cisco unity_connection 7.1\(2b\)
cisco unity_connection 7.1\(2b\)su1
cisco unity_connection 7.1\(3\)
cisco unity_connection 7.1\(3a\)
cisco unity_connection 7.1\(3a\)su1
cisco unity_connection 7.1\(3a\)su1a
cisco unity_connection 7.1\(3b\)
cisco unity_connection 7.1\(3b\)su1
cisco unity_connection 7.1\(3b\)su2
cisco unity_connection 7.1\(5\)
cisco unity_connection 7.1\(5\)su1a
cisco unity_connection 7.1\(5a\)
cisco unity_connection 7.1\(5b\)
cisco unity_connection 7.1\(5b\)su2
cisco unity_connection 7.1\(5b\)su3
cisco unity_connection 7.1\(5b\)su4
cisco unity_connection 7.1\(5b\)su5
cisco unity_connection 7.1\(5b\)su6
cisco unity_connection 7.1\(5b\)su6a
cisco unity_connection 7.1.5es33.32900-33
cisco unity_connection 7.1_base
cisco unity_connection 8.0_base
cisco unity_connection 8.5\(1\)
cisco unity_connection 8.5\(1\)su1
cisco unity_connection 8.5\(1\)su2
cisco unity_connection 8.5\(1\)su3
cisco unity_connection 8.5\(1\)su4
cisco unity_connection 8.5\(1\)su5
cisco unity_connection 8.5\(1\)su6
cisco unity_connection 8.5_base
cisco unity_connection 8.6\(1\)
cisco unity_connection 8.6\(1a\)
cisco unity_connection 8.6\(2\)
cisco unity_connection 8.6\(2a\)
cisco unity_connection 8.6\(2a\)su1
cisco unity_connection 8.6\(2a\)su2
cisco unity_connection 8.6\(2a\)su3
cisco unity_connection 8.6_base
cisco unity_connection 9.0\(1\)
cisco unity_connection 9.1\(1\)
cisco unity_connection 9.1\(1.10\)
cisco unity_connection 9.1\(2\)
cisco unity_connection 10.0.0
cisco unity_connection 10.0.5
cisco unity_connection 10.5\(2\)
cisco unity_connection 10.5\(2.3009\)
cisco unity_connection 10.5_base
cisco unity_connection 11.0\(0.98000.225\)
cisco unity_connection 11.0\(0.98000.332\)
cisco unity_connection 11.0_0
cisco unity_connection 11.5\(0.98\)
cisco unity_connection 11.5\(0.199\)
cisco unity_connection 11.5_base
cisco jabber_software_development_kit 8.6\(1\)
cisco jabber_software_development_kit 9.0\(1\)
cisco jabber_software_development_kit 9.2\(0\)
cisco jabber_software_development_kit 9.2\(1\)
cisco jabber_software_development_kit 9.2\(2\)
cisco jabber_software_development_kit 9.2\(3\)
cisco jabber_software_development_kit 9.2\(4\)
cisco jabber_software_development_kit 9.2\(5\)
cisco jabber_software_development_kit 9.2\(6\)
cisco jabber_software_development_kit 9.2\(7\)
cisco jabber_software_development_kit 9.3\(0\)
cisco jabber_software_development_kit 9.3\(1\)
cisco jabber_software_development_kit 9.3\(2\)
cisco libsrtp *
cisco unified_communications_manager 9.9\(9\)st1.9


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "E659A9C2-4E00-45F3-8F70-D9E18CDEE8D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B359E9A-65D2-447D-AA44-BEA158622923",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.1xbs:*:*:*:*:*:*:*",
              "matchCriteriaId": "B217F6BD-D867-459A-AC5E-760F0BD36602",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.2s:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E1B040D-CE1A-41A3-B0E9-1AA0CFC29899",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.2ts:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2DB331-8EF3-4AC2-874D-360F439741E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.4s:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD279792-84E4-4E9C-9DBD-2E0689279981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.5s:*:*:*:*:*:*:*",
              "matchCriteriaId": "67CF54E1-2890-4F70-81A1-04AFB98CC2BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.6s:*:*:*:*:*:*:*",
              "matchCriteriaId": "137FCB00-9FD5-4C45-9DE4-EC4BB2679049",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.10s_3.10.7s:*:*:*:*:*:*:*",
              "matchCriteriaId": "210240F9-5C68-4178-A785-60A606C32FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "186A4D4A-5977-45BC-A054-72B20FA574FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DEF72D7-D889-4197-8469-A849050DE808",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.2s:*:*:*:*:*:*:*",
              "matchCriteriaId": "737754AA-C961-433E-B9D0-7C7ED0310F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.3s:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFCFC44D-F618-457B-BD53-F09224F1C599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.11s_3.11.4s:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BC5C495-4CFE-4126-A358-5E4B40D17CC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "663B2239-BC08-4C0C-A16C-FA7CFD0B1F1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "27806BF7-0971-4F71-A0CC-A9FADEF40F22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.13s_3.13.4s:*:*:*:*:*:*:*",
              "matchCriteriaId": "42425169-F2EE-4157-9AA6-CF1B4FD12B72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.14s_3.14.0s:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E1BE381-4C2A-45B1-9647-FB1581BF687A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.1s:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD1C0761-BC14-4FD7-B852-88EAB4E78F83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ios_xe:3.15s_3.15.2s:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9C5187C-C7E0-4446-B528-C5DE1AAB90ED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:webex_meeting_center:base:*:*:*:*:*:*:*",
              "matchCriteriaId": "28A6CA7D-D7C8-4ECC-B5F1-200209A6892F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:dx_series_ip_phones_firmware:9.3\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "EDDBE37A-683F-4A7F-98DB-BBE6704F4A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7800_series_firmware:10.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B0BBC8C6-00BA-42A2-8AEB-8713F1B839C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:10.3\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "05ED7BA0-6B55-4A04-BBAF-102B99248302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "49CF653C-B5F5-427B-9FE9-D34D7B92AA13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6900_series_firmware:9.3\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E87AAF0C-E9D4-4195-8343-CEEC9C52E75C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7900_series_firmware:9.9\\(9.99001.1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FB845296-F772-4A6E-98DC-68D7C2FA5686",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7900_series_firmware:9.9_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4CF2229-FB0B-40BA-B821-49CB26F458D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.0\\(1\\)sr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "49B899D8-4784-483D-A833-C72371CEC12C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.0\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3E7619E1-E4A2-43B3-AF98-4917587C856E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.0\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "84ED85A1-D16F-4F8D-82C6-2E414EE2F590",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.1\\(1\\)sr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2ED0C9E-118A-4C01-8788-6E6FD65CE60B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C420DA10-774A-4D38-A087-AFA6C52BB666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F5456A29-0F99-427E-A181-C562B0BE837D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C4E0532D-53EC-471F-9689-1EE0248FBD10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(2\\)sr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AA8A4E5-7E14-4BE9-AB2C-C2F6EB4E5F0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "68D74C73-E5E7-47BA-BA21-24E09E7A599F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.2\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DCA1FEE7-49E7-4065-BDA6-83F3D4CAC872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D14B1890-F038-4B20-9BDF-03676C148E90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.3\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "65D8F5AD-8676-4EFE-B4D1-93039F500C01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.3\\(2\\)sr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CE6B62-66F8-4DD0-B245-5E7D5323EC0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.3\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "19516CAF-9167-47D8-A926-26A95CB19669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.4\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CA675CA8-56A1-4D47-94F3-04C974FF2DA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.4\\(1\\)sr1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF575CF9-F701-439D-8B58-DFD2625B87ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8900_series_firmware:9.4\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9ED2689D-A5CA-4B90-A336-BE3C850E4992",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "60ADF922-B1CE-4FFB-ADAF-48EDADC06F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(6\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "03132810-121C-4210-8FE8-D8C49F9B5F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(7\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8A0526B5-646B-4115-BA28-774AB6334DA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(8\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "180F4593-7F86-4702-B248-A3D0AB20D675",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(9\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "51CF8E3E-6D57-4DD7-91B7-7C6ADCDC1B55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "638A6537-62E1-4757-B857-603FA5C80C39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:2.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "551A4418-B9BD-4F22-ABF6-C981E3B4D91E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.1.0.104:*:*:*:*:*:*:*",
              "matchCriteriaId": "200F740F-9D7D-4A64-AE1F-276CF58241C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.0.45:*:*:*:*:*:*:*",
              "matchCriteriaId": "70158003-F6CA-4A5C-893C-BF885A388D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F2C8AFA-A4B6-44A2-B00C-1950997493C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6297451E-196E-4C6D-9186-451BB42CAE8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "465313C5-BFB9-458A-8150-8F7BA1F8C386",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF399187-270F-4560-9C09-DF18132FA427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE7A928A-2CBA-43BC-B312-975EE9E24830",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CF721BA-25FF-485E-9102-5741AC9BC9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F34D78E-68C9-4372-85F2-E74A1C8C06F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.2.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "05748A45-8423-42F4-8F95-7BA83548C4E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C15D1F6-997D-47FD-A654-AEF3332E6105",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA3E5F50-CBD1-4516-BC97-3AF59DB39A84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62B54134-5AC7-4D7E-A7F1-D4C2057FF146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AFE499E-09BB-4C86-AC74-7568B2D3CA51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0B5BF7-18FB-4066-947E-7352B9951AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "B42DD43A-B6BD-4C2B-BA57-928501C62388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDE65B75-4987-4E77-8814-F7BC9875924A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "C890603E-6634-46E2-AFA9-ADE8ED1B9E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEBAB79E-83BF-4AD1-875B-D015A18ECB82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA41C5E-F854-4729-9498-C54FA5C00664",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B08E743-488A-4F99-ABA6-98AD534B603B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "978A0B9D-1B1D-4E22-893C-52DE75247BA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD17927A-7AFA-4177-A34E-5FEB7A9400AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E4B884F-EDE6-4055-83D8-609D2D1E518F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "8570FBED-D38F-49ED-8C6A-E241BF7E1274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2889989-8D9C-4E06-8477-8BCF6DC7D84A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.2.5.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "02E9724F-AD95-4572-BD8F-27B71F8EBC5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5990B883-0B5A-44F0-B4DC-8031ED0F2026",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BA74460-D26D-4C0A-B697-DF9003096065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "90BEB7A8-B2DB-46EB-9265-AB88476B1002",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DF80D39-35D2-447C-A809-E4C819FEEF25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7F417BC-5835-4F29-8DB6-03A62B7B2364",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D90599A3-F885-414E-94F9-B4AECEB34D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "0185F882-E031-4B16-8DB3-62F76FBB78C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "092FB46B-A4A4-40E5-B474-4FC36ADC427C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEB27EFB-BF82-493D-ADF2-7395B4E2A55F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD84D98-1B98-454C-AF63-DE5E76E17C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D975A3B-0B3C-44E6-BE9C-AA73CF97AF78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DAF32AF-EF06-4663-BFBE-1334D491A212",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9FB85D8-B247-4921-AE49-C2A1C2FDEB5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "29BA59C8-F3D0-4B94-824B-F3CDAB465D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBF3C75D-751C-444F-A4AF-303409B22B1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7CD6FE3-1B32-461E-9215-0F016798B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.3.2.44:*:*:*:*:*:*:*",
              "matchCriteriaId": "22552CF4-01F8-46A8-ADD4-7BABFA574330",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA1C5485-EAF4-4F4D-AFA1-E105F433665E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "989F9AC4-C2D1-49A0-95C3-79A4EB827E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE2E079-D7AC-4FE9-8938-A75C12AF5CA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B442C852-2465-4EA8-A977-1F10A4CE23AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DB6ED4-3095-46C1-9CB6-2975A7B05303",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE68CD8E-B9CF-4519-8B0E-4C4488B34887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D762C9A7-005C-44FD-9BB2-7A1DD4EBE90B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE0B1212-87F3-46E5-B14A-C0C6BBAAAC98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "518D4826-06B0-4DDC-B082-A536418FD292",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E343DE08-58FA-4C39-99F9-8CB5F57D0CD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "76363698-DB62-4D92-8EE4-069891A9F92C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6159BEE3-D097-4E07-9962-06DB740E2AE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD606591-F69A-47AD-9256-20B98CA16135",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4EF3895-F372-45D3-9C7D-15F5C4712D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC5960D-B917-4ABA-850F-A710676ACB40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B746A138-6650-49A3-87C8-3728FE5CF215",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E50C2A13-5A8B-4FA5-ABB8-1157E560503B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "909F9D55-9276-4CF1-BC63-7CEEF8F25C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F383D276-D5EC-4335-AC09-9D30F6443AF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C2A7FF-6AC3-42B5-954A-9AA5950C523A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7F36A8-C291-423D-AF28-56AAD8D0F712",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2009F4-F832-49D6-8346-54A7328BD93B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9221DD4-498A-4867-B647-47E42299CE45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "B839A425-E08C-41B1-9270-E177E40B1E27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F4DDF53-0995-4971-A980-30FD15A40C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.4.7.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F3BD921-A58A-47EB-B90D-21C3A5D02D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "800FE449-350D-4C4C-A8C2-D4C5A3B59F36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C49BF8F7-5ACE-4D90-8F17-1AA9D3A2FD7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE6D050-F186-492C-9813-895433B2612A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6157AA5C-8297-4A32-B0A8-1E7E801E9CD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A13091-02C6-4D98-90C9-ED4C43BDAFAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2C3E0E1-C3F3-4D53-8116-7D1AF3CD53CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "59F3DB48-E1EE-44E9-85DE-9FD7D5C59B4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "27E064BD-CBC0-4556-9BCF-87D808809237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "63D5DC14-187B-4808-8377-5FF44A11AA3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.5.1.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "64079FC4-53D8-4DBF-A2D5-2CED256F4939",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FF969BE-46BB-4AD7-85AB-8384426E9551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8EEA7A5-67FD-4CA4-8FF8-4B17A9C47B61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E618B3-DD03-4ECD-AB9B-97F1EDF95E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D0DFE19-1C68-40E6-B8CD-9CC03F8B4281",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "20424324-881A-496B-BC55-62AA75994249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D67012F3-5153-400E-BD6F-EB0949875F2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E40E9AB5-26E0-4BA2-9AFA-496BAA0EAC77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6BA4B2D-187A-47EC-8BE1-7EA178549476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.6.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CF52FB9-4EA9-41A7-AD29-E963C09FC98C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "04C8C6E9-D5C3-42DC-B431-9097B2FCCB52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B5CF41-7F01-4AE9-B54B-8DB6909504B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3BDD9D1-0DE3-4FA7-BDC1-2A724162CEEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C80EAFF-E577-414A-9DDE-D27A41CB3DC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "26CC07CC-0C79-48ED-BEB6-4B576A0DBD68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "83FA6817-C5B7-410F-9CF7-801CC958C12E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "1576FC7F-B7DD-41DD-A95E-23B1F86E4B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3768E4B0-E457-47AB-99B0-7C1A0E0CBE35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D142088-0265-4987-8F5C-029F3DD06A18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:8.7.1.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "76EDEE39-865D-4DA3-B1C9-033F2FF1A56F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "500ED3CC-4FE8-4A24-ACFE-8D7E35E50D22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD2AE76B-D04E-4D0C-85E4-8AD07F7BDEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E1C03C-0737-4E2B-B3F9-10770281F4AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C7052D2-0789-4A4D-917D-FCD894B7280F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0956F0A8-7424-437C-AAD8-203183BEBFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "49FB57F9-5B37-4509-B2EB-6A16DFE11F03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "952F6504-9CD0-453E-8C25-02BB9EE818F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E842AF74-D1E3-4F71-80F9-197B38942405",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0B97FB1-CC3A-40B5-853D-476E6C5D9D6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F6293A8-C21E-46F6-ACC1-6BBAD419B41F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC1A48B1-112A-41C2-BC01-BCCF5794553D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2AE7036-C8EE-441F-94A4-DE8A9E89CA8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "6448B4B4-022D-4D4A-A6DE-0090CEA12595",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "42813600-3186-4D19-8AF2-F4F98D3C6740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC0969E6-151D-4298-8EC8-68D7880E994B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0091CE-3386-4CCC-A2A8-900842EA6F51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5A450E0-09E4-44C5-B55C-78A4BDAADA45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.0.4.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "8285C95A-316D-4965-A34D-3BCB9AB83FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4714F698-BBAE-47BB-99E8-F90D22415EDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB55BC7E-0B3F-4202-8768-08F27B763926",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB01683-C482-4A5B-90FA-B5266BEA452E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA16481A-4A47-4A8E-8C78-87B3A171280A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C0258ED-6ED0-49C7-A13A-368711649FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B7A71AA-E1A6-47B7-B2B2-A3115CAA4058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D448BB56-5B2E-4B3E-B7E8-1F4991F23D81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0346EAC-BDD1-4DC5-B8CA-20579C44AFE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2049D602-54F1-4072-936E-0D7E337162B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0710D6C8-AD34-43E2-B72B-315FFF3DC34F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "70F8F1D2-2196-44C4-B420-824F49BB4ACF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E14B8D3-6D53-4E84-9B5D-24667B192C4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.5.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "A05B2DFD-A0EF-42BE-B00B-334E78CA8C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CC96C9-492F-49CB-BEFE-356581E96B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78F1F7D4-EC51-47D1-A71A-9EF98C51D388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D5E93DE-06C0-401C-8062-1B2EB6EFDED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5EBFAB-25E2-4245-B748-92CAA943D4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8BFB446-5747-42BB-98BC-B8DF250F1842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EF48794-2E5D-4BE0-9BB5-49ADE34F4A82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(0.0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A13A9C-5387-4670-8E20-FE878946D091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(0.104\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7C7DA3-C24B-41BB-BDBE-7DC58EEAC4F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2\\(3.1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "AFC39DA3-8171-4344-A946-7965873C56F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9C31567-8AEB-49C6-AA60-4150411D62AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA140CB2-C17C-4164-A59A-8585906057BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "468D98A7-92D5-4C01-9EDD-CB44B85EA6BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BAAC9FE-CCF0-4385-B5E9-FC424CD3EFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C9DEB1C-F9B9-4291-92B5-8EEEADC57E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39330218-32FA-42FF-B5CA-288B7D140304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A92D7CED-D036-414B-B9EB-DCAF7F425A7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4AAAB02-140D-46F2-A315-5791BF5A853F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EB02DBE-6D60-4D0E-8E9D-7611C3C32748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(1.50\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1E044883-9952-477A-B2AA-3E0BB90C96A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(1.105\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2E26A1B0-D61C-4A25-8E10-02A2E3E7A02B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(2.100\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6F4A28B7-87A2-464A-92A8-644E3F7D13D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3\\(2.243\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8D83ED80-972A-4548-9AB0-10F9A23DF749",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26D99395-D18D-458E-9880-19B7767F69D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E4CE047-3FEF-4A72-AD06-EC77D71EBCD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED33F68A-9EB0-416A-A0A5-0DF2C349FFEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F7DD812-DC72-4816-8B0F-361C32B2CD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC41D4CD-D5EA-4678-B3AA-962C7C937118",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "996C9552-5743-4639-A077-5B057605DF21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5779CE0-7691-47DA-902C-4D32D6650C9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C69BE69-7C19-4ED3-98D3-04B1D41E56FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFE9F46B-DD74-4295-BB6A-9239E29F4416",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:1.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2541F3D6-BD69-47D6-8070-DDCEDEE7F497",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:1.2_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B38FA24-E514-40CA-A28E-C72440B0637A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:2.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BCD675A5-D5FD-464A-8DBA-69687609913D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:2.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5E48B3D-0CFF-49AD-AD7C-C54F8BDD8748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:2.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "74E91D00-4862-41B7-AC81-98BED5B41DA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "8801B286-C800-44EF-9B0D-E6B4A42C8CAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "83C049EE-23C2-4FBE-A94A-DB5EA2BCC113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B52ADDA2-D366-474C-AE65-83998FED89F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6CBE0184-2D1B-4DA2-B1B6-59B3E013557A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(2a\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C6DED4-9D0D-4FE3-BC94-BE1B6CBCCB5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(2b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBF4DF8-EA6E-4160-918C-8938188E22E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(2b\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0591D082-7290-476D-A0B8-DEA649AE661D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8CB1C1C9-5F1A-40F7-BEB0-66B1793C538C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B69719BD-D624-479A-BF75-04A6D1691585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3a\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "851E3C54-848C-4D6A-AC2E-9FADC3377377",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3a\\)su1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "90C04291-80AC-4804-86DE-D7D5653F3824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CFC6E1B0-2BEB-45C1-90F5-F79D1FBC714A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3b\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "95F18323-F108-4816-8AC5-F8CBADCDB06E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(3b\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE18C174-CFDF-48E9-B46B-696BDCF6F02E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5EE964E1-0A54-49C4-A1EC-5707DBADC4B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5\\)su1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0610189-1E2D-4CED-AB12-E80E7F9F1930",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E56D2B86-DAC0-4E3C-A13C-4908D4312487",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7026853F-6467-41C8-AE31-B8742D230473",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DB6DB1C-9493-4FE6-BBED-11C5B0BDCAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "286C8ECF-BFEB-41BD-8286-595B27AB5CB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6106891F-A7EF-4380-AF53-F644C637487E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8C9FCF4-3F53-4805-B564-40AF29140804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA60E66-4CC6-4FEE-A876-ABF53F54908C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1\\(5b\\)su6a:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEB3A0EE-0191-4BF5-96DB-F417F0533740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1.5es33.32900-33:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F37DEF-08E5-4F54-89B0-3E0CA4FBE4AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:7.1_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B58CC96-2E5E-42E9-9252-49271AC052D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "93141BE8-20AB-42DC-9838-8FE00F215342",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "101FCDD0-DC91-4111-975E-DE618D3B4E9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D386D8CD-D6EA-4705-ABDC-EA6558F5AC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B1917B-197C-4E28-9356-2ACC4C4DB932",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5567A000-338E-40D7-9481-674B8FFC142D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA991A88-D49E-4957-B404-6E3C15C96994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BECA1F06-6FFD-4A0D-B140-B25E39FB8513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su6:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ADCE50E-87C1-49D7-B127-92174327EAB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.5_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D11810A-80D7-41BB-B370-30218FF52F17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C547C041-6C58-44D5-93D7-C02E04E93994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "C40F61A6-A992-4DA4-9730-D145055596C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "78970987-BD6E-48A0-AF43-540C925E1F97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "632B8CDD-5ACC-4FFB-950B-480CC43D192D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7740A5EF-538E-4095-91F5-E4DC03EDB35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D805DD4A-269D-4399-B6BF-7F40F98C3BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06A53BA-668B-41C0-B223-6637487EF113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:8.6_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "82B3ABB4-A33A-4886-9871-C24B33B3AEE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:9.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6793E1F6-DC57-4A13-B49D-0ED45E48426C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "50CD06E4-0C09-4DD7-B106-56DC680CE333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(1.10\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "612C46BC-40CC-47F6-9166-4001144FB311",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BA2751A8-A3CF-4CC7-A7F2-003165C1AEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:10.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A49C1C0B-4B2A-4F13-996D-E3ED1F96C2A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:10.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5CC8FF5-F0FA-41E8-AD78-D277AB9776DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:10.5\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "02F5AF19-C869-4A55-B4D7-38C0FFABCC6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:10.5\\(2.3009\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0C9B5432-11E5-4800-BB0F-48DFCAF409FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:10.5_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A358C37-6257-41E6-90ED-61CDE709F085",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:11.0\\(0.98000.225\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1961B4F5-C2E1-41C3-AD4A-F3ABA03EFD7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:11.0\\(0.98000.332\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0E9973BA-EC31-459A-9E10-4C0F6D5D6C4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:11.0_0:*:*:*:*:*:*:*",
              "matchCriteriaId": "14E894A4-3F92-4AA3-8E48-4223DBC3B2EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:11.5\\(0.98\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "93B09544-1D66-4ECD-9346-81EA5E2373E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:11.5\\(0.199\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0B4971DD-92BD-4F11-A290-F3F0258A4432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:unity_connection:11.5_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "96143B66-C21D-43BE-BC94-C28B69FCBFAF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:8.6\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5F07CC41-0B27-4B97-B0D9-73C8F6D71021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6E093F79-9ABA-4FEF-A178-8FA6EF2F871F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "73EE1905-615B-4893-ABD2-C979B095A8B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FA685E8E-676D-45A2-9383-37A4506F798B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "26F4872B-01EA-4473-B490-668C9AB29789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6D5FA4C9-EEB4-4AC7-ACA1-90A4BEC4A2C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "414CEEED-2EAB-4BFF-9C28-A82069497B5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "A4459D13-45E1-40F6-A5D3-4DD1632A8C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(6\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FA527DCA-7F9A-4A7B-8C4F-9EED0B36E038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.2\\(7\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D749F811-40EA-420C-883D-DDD31C9F3145",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.3\\(0\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "896D4FA3-FF50-4C50-B823-04436C0E9B4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.3\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B14AF067-2224-4A72-BA36-31435CB116F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:jabber_software_development_kit:9.3\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DE679CDD-D0C0-4E76-A295-C714AFF10723",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:libsrtp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B2CFC42-D8FA-4C51-B1F1-0A03EC23A10A",
              "versionEndIncluding": "1.5.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:unified_communications_manager:9.9\\(9\\)st1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DBDE7B3-6B02-450F-BFE3-FA25ABA7CCF7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686."
    },
    {
      "lang": "es",
      "value": "La caracter\u00edstica de procesado de cifrado en Cisco libSRTP en versiones anteriores a 1.5.3 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de campos manipulados en paquetes SRTP, tambi\u00e9n conocida como Bug ID CSCux00686."
    }
  ],
  "id": "CVE-2015-6360",
  "lastModified": "2024-11-21T02:34:51.213",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-04-21T10:59:00.117",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.debian.org/security/2016/dsa-3539"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1035636"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1035637"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1035648"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1035649"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1035650"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1035651"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1035652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2016/dsa-3539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035636"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035648"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035649"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035652"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-06-23 00:59
Modified
2024-11-21 02:46
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phoneVendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1036139
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phoneVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036139
Impacted products
Vendor Product Version
cisco ip_phone_8800 -
cisco ip_phone_8800_series_firmware 11.0\(1\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1BBEA07-3154-4270-B865-D4AD26EB3B42",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "49CF653C-B5F5-427B-9FE9-D34D7B92AA13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The license-certificate upload functionality on Cisco 8800 phones with software 11.0(1) allows remote authenticated users to delete arbitrary files via an invalid file, aka Bug ID CSCuz03010."
    },
    {
      "lang": "es",
      "value": "La funcionalidad license-certificate upload en tel\u00e9fonos Cisco 8800 con software 11.0(1) permite a usuarios remotos autenticados borrar archivos arbitrarios a trav\u00e9s de un archivo inv\u00e1lido, tambi\u00e9n conocido como Bug ID CSCuz03010."
    }
  ],
  "id": "CVE-2016-1434",
  "lastModified": "2024-11-21T02:46:26.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-23T00:59:03.190",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phone"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1036139"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ip-phone"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036139"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-16 07:29
Modified
2024-11-21 03:09
Severity ?
6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/101869Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1039829Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ippVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101869Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039829Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ippVendor Advisory
Impacted products
Vendor Product Version
cisco ip_phone_8800_series_firmware *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03817EE-30B6-468D-96C9-D5C2CA99DD4B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the debug interface of Cisco IP Phone 8800 series could allow an authenticated, local attacker to execute arbitrary commands, aka Debug Shell Command Injection. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting additional command input to the affected parameter in the debug shell. Cisco Bug IDs: CSCvf80034."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de depuraci\u00f3n de Cisco IP Phone 8800 series podr\u00eda permitir que un atacante local autenticado ejecute comandos arbitrarios. Esto tambi\u00e9n se conoce como Debug Shell Command Injection. Esta vulnerabilidad se debe a una validaci\u00f3n de entradas insuficiente. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en el dispositivo y enviando entradas de comandos adicionales al par\u00e1metro afectado en el shell de depuraci\u00f3n. Cisco Bug IDs: CSCvf80034."
    }
  ],
  "id": "CVE-2017-12305",
  "lastModified": "2024-11-21T03:09:16.333",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-16T07:29:00.507",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101869"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039829"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039829"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-ipp"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-06-10 01:59
Modified
2024-11-21 02:46
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ippVendor Advisory
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp
ykramarz@cisco.comhttps://www.tenable.com/security/research/tra-2020-24
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ippVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/research/tra-2020-24
Impacted products
Vendor Product Version
cisco ip_phone *
cisco ip_phone_8800_series_firmware 11.0\(1\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0554B7-0160-4885-B366-ED2C15E7EAF7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "49CF653C-B5F5-427B-9FE9-D34D7B92AA13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web application for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software fails to check the bounds of input data. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la aplicaci\u00f3n web para los tel\u00e9fonos IP de Cisco podr\u00eda permitir que un atacante remoto no autenticado ejecute c\u00f3digo con privilegios de root o provoque una recarga de un tel\u00e9fono IP afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad existe porque el software afectado no puede verificar los l\u00edmites de los datos de entrada. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud HTTP especialmente dise\u00f1ada al servidor web de un dispositivo objetivo. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo de forma remota con privilegios de root o causar una recarga de un tel\u00e9fono IP afectado, lo que provocar\u00eda una condici\u00f3n DoS."
    }
  ],
  "id": "CVE-2016-1421",
  "lastModified": "2024-11-21T02:46:24.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-10T01:59:06.037",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://www.tenable.com/security/research/tra-2020-24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160609-ipp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.tenable.com/security/research/tra-2020-24"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-08-22 10:59
Modified
2024-11-21 02:46
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ippMitigation, Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/92515
ykramarz@cisco.comhttp://www.securitytracker.com/id/1036646
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ippMitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/92515
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036646
Impacted products
Vendor Product Version
cisco ip_phone_8800_series_firmware 11.0\(1\)
cisco ip_phone_8800 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "49CF653C-B5F5-427B-9FE9-D34D7B92AA13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1BBEA07-3154-4270-B865-D4AD26EB3B42",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco IP Phone 8800 devices with software 11.0(1) allow remote attackers to cause a denial of service (memory corruption) via a crafted HTTP request, aka Bug ID CSCuz03038."
    },
    {
      "lang": "es",
      "value": "Dispostivos Cisco IP Phone 8800 con software 11.0(1) permiten a atacantes remotos causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una petici\u00f3n HTTP manipulada, tambi\u00e9n conocido como Bug ID CSCuz03038."
    }
  ],
  "id": "CVE-2016-1479",
  "lastModified": "2024-11-21T02:46:31.117",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-22T10:59:03.197",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/92515"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1036646"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-ipp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036646"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-10 16:29
Modified
2024-11-21 03:38
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/106515Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injectionVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106515Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injectionVendor Advisory
Impacted products
Vendor Product Version
cisco ip_phone_8800_series_firmware 12.5\(1\)
cisco ip_phone_8811 -
cisco ip_phone_8841 -
cisco ip_phone_8845 -
cisco ip_phone_8851 -
cisco ip_phone_8861 -
cisco ip_phone_8865 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:12.5\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "98070A9A-E891-490E-9D20-65BB551DC9EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Cisco IP Phone 8800 Series Software could allow an unauthenticated, remote attacker to conduct an arbitrary script injection attack on an affected device. The vulnerability exists because the software running on an affected device insufficiently validates user-supplied data. An attacker could exploit this vulnerability by persuading a user to click a malicious link provided to the user or through the interface of an affected device. A successful exploit could allow an attacker to execute arbitrary script code in the context of the user interface or access sensitive system-based information, which under normal circumstances should be prohibited."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el software Cisco IP Phone 8800 Series podr\u00eda permitir que un atacante remoto sin autenticar lleve a cabo un ataque de inyecci\u00f3n de scripts en un sistema afectado. La vulnerabilidad existe debido a que el software que se ejecuta en un dispositivo afectado no valida lo suficiente los datos proporcionados por el usuario. Un atacante podr\u00eda explotar esta vulnerabilidad convenciendo a un usuario de que haga clic sobre un enlace malicioso que se le proporciona o mediante la interfaz de un dispositivo afectado. Un exploit con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo script arbitrario en el contexto de la interfaz de usuario o acceder a informaci\u00f3n sensible del sistema, lo que en circunstancias normales deber\u00eda estar prohibido."
    }
  ],
  "id": "CVE-2018-0461",
  "lastModified": "2024-11-21T03:38:16.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-10T16:29:00.287",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106515"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106515"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-phone-script-injection"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-08-22 10:59
Modified
2024-11-21 02:46
Severity ?
5.4 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800Mitigation, Vendor Advisory
ykramarz@cisco.comhttp://www.securityfocus.com/bid/92404
ykramarz@cisco.comhttp://www.securitytracker.com/id/1036595
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/92404
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036595
Impacted products
Vendor Product Version
cisco ip_phone_8800_series_firmware 11.0_base
cisco ip_phone_8800 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0_base:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E4B119E-96BB-4E0A-BC27-C5599B8FF8DF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1BBEA07-3154-4270-B865-D4AD26EB3B42",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en dispositivos Cisco IP Phone 8800 con software 11.0 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de par\u00e1metros manipulados, tambi\u00e9n conocido como Bug ID CSCuz03024."
    }
  ],
  "id": "CVE-2016-1476",
  "lastModified": "2024-11-21T02:46:30.773",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-08-22T10:59:02.073",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securityfocus.com/bid/92404"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1036595"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160810-ip-phone-8800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/92404"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036595"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-05-22 01:29
Modified
2024-11-21 03:30
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/98533Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1038511
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sipVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/98533Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038511
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sipVendor Advisory
Impacted products
Vendor Product Version
cisco ip_phone_8800_series_firmware 11.0\(0.1\)
cisco ip_phone_8851 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(0.1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CB3EA97A-DBC1-487B-919F-4F4E69607A43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Session Initiation Protocol (SIP) implementation of Cisco IP Phone 8851 11.0(0.1) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to an abnormal SIP message. An attacker could exploit this vulnerability by manipulating the CANCEL packet. An exploit could allow the attacker to cause a disruption of service to the phone. Cisco Bug IDs: CSCvc34795."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en la implementaci\u00f3n del Protocolo de inicio de sesi\u00f3n (SIP) de Cisco IP Phone 8851 versi\u00f3n 11.0 (0.1) podr\u00eda permitir a un atacante remoto no autenticado causar una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad se debe a un mensaje SIP anormal. Un atacante podr\u00eda explotar esta vulnerabilidad manipulando el paquete CANCEL. Un exploit podr\u00eda permitir al atacante causar una interrupci\u00f3n del servicio al tel\u00e9fono. ID de errores de Cisco: CSCvc34795"
    }
  ],
  "id": "CVE-2017-6630",
  "lastModified": "2024-11-21T03:30:10.177",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-22T01:29:00.180",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98533"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1038511"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98533"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-sip"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-11-30 09:29
Modified
2024-11-21 03:09
Severity ?
5.8 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Summary
A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/102003Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1039922Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ippVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102003Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039922Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ippVendor Advisory
Impacted products
Vendor Product Version
cisco ip_phone_8800_series_firmware 11.0\(0.1\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(0.1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CB3EA97A-DBC1-487B-919F-4F4E69607A43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Session Initiation Protocol (SIP) call handling in Cisco IP Phone 8800 Series devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition because the SIP process unexpectedly restarts. All active phone calls are dropped as the SIP process restarts. The vulnerability is due to incomplete input validation of the SIP packet header. An attacker could exploit this vulnerability by sending a malformed SIP packet to a targeted phone. An exploit could allow the attacker to cause a DoS condition because all phone calls are dropped when the SIP process unexpectedly restarts. Cisco Bug IDs: CSCvc62590."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la manipulaci\u00f3n de llamadas SIP (Session Initiation Protocol) de los dispositivos de la serie 8800 de Cisco IP Phone podr\u00eda permitir que un atacante remoto no autenticado provoque una denegaci\u00f3n de servicio (DoS) porque el proceso SIP se reinicia de manera inesperada. Todas las llamadas telef\u00f3nicas activas se colgar\u00edan al reiniciarse el proceso SIP. Esta vulnerabilidad se debe a la incompleta validaci\u00f3n de entradas de la cabecera de los paquetes SIP. Un atacante podr\u00eda explotar esta vulnerabilidad enviando un paquete SIP mal formado al tel\u00e9fono objetivo. El atacante podr\u00eda utilizar un exploit para provocar una denegaci\u00f3n de servicio (DoS) porque todas las llamadas telef\u00f3nicas se cuelgan cuando el proceso SIP se reinicia de manera inesperada. Cisco Bug IDs: CSCvc62590."
    }
  ],
  "id": "CVE-2017-12328",
  "lastModified": "2024-11-21T03:09:18.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-30T09:29:00.260",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102003"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039922"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039922"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-ipp"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-06-23 00:59
Modified
2024-11-21 02:46
Severity ?
7.0 (High) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ippVendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1036138
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ippVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1036138
Impacted products
Vendor Product Version
cisco ip_phone_8800 *
cisco ip_phone_8800_series_firmware 11.0\(1\)


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8800:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3B04A55-716F-4BCD-8F99-8EE0B5292671",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8800_series_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "49CF653C-B5F5-427B-9FE9-D34D7B92AA13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco 8800 phones with software 11.0(1) do not properly enforce mounted-filesystem permissions, which allows local users to write to arbitrary files by leveraging shell access, aka Bug ID CSCuz03014."
    },
    {
      "lang": "es",
      "value": "Tel\u00e9fonos Cisco 8800 con software 11.0(1) no hace cumplir adecuadamente los permisos de montado en el sistema de archivos, lo que permite a usuarios locales escribir a los ficheros arbitrarios mediante el aprovechamiento de acceso shell, tambi\u00e9n conocido como Bug ID CSCuz03014."
    }
  ],
  "id": "CVE-2016-1435",
  "lastModified": "2024-11-21T02:46:26.307",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-06-23T00:59:04.223",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://www.securitytracker.com/id/1036138"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160620-ipp"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1036138"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}