Cisco issued two security advisories one of which discusses a vulnerability in Cisco Small Business SPA514G IP phones that could potentially lead to a denial of service (DoS) issue.
The phone problem, CVE-2018-0389, is rated high and affects the Cisco Small Business SPA514G IP phones that are running firmware release 7.6.2SR2 or earlier. It is due to a vulnerability in the implementation of Session Initiation Protocol processing that could be used by an attacker to render the phone unresponsive resulting in a DoS situation that will remain in effect until the phone is manually restarted.
Cisco has not issued a patch yet and there are no known workarounds.
The second advisory discloses the critical-rated vulnerability CVE-2019-1723 in the Cisco Common Services Platform Collector releases 2.7.2 through 220.127.116.11 and all releases of 2.8.x prior to 18.104.22.168. The issue centers on devices that retain a default or static password which could be used by an attacker to gain access, Cisco reported. A patch has been issued correcting this issue.