Cisco IP Phones vulnerabilities: known CVEs & security history

Cisco · Actively exploited · 8 tracked CVEs · 0 actively exploited · updated June 2026 · what is a CVE? →

This is the full list of known vulnerabilities (CVEs) across all Cisco IP Phones release lines — 8 in total. A CVE here doesn't mean your version is affected — check Cisco IP Phones's current status and the safe version to run.

known CVEs

actively exploited (KEV)

critical severity

ransomware-linked

Known Cisco IP Phones CVEs

Actively-exploited and most-severe first. Open any CVE for full details.

CVE	Severity	CVSS	EPSS	Year
CVE-2015-4226	high	7.1	3%	2015
CVE-2013-5533	medium	6	0%	2013
CVE-2014-0658	medium	5.4	3%	2014
CVE-2015-0602	medium	5	1%	2015
CVE-2015-0600	medium	5	2%	2015
CVE-2013-5532	medium	5	2%	2013
CVE-2013-3426	medium	5	1%	2013
CVE-2015-0603	medium	4.6	0%	2015

Is my Cisco IP Phones version affected?

The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.

Check your Cisco IP Phones version → · Monitor Cisco IP Phones for new CVEs →

Cisco IP Phones vulnerabilities — frequently asked

How many known vulnerabilities does Cisco IP Phones have?

IsItPatched tracks 8 CVEs for Cisco IP Phones. 0 are critical-severity and 1 high-severity. These span every release line — what matters is whether the version you run is affected.

Does Cisco IP Phones have any actively-exploited vulnerabilities?

None of Cisco IP Phones's tracked CVEs are currently in CISA's KEV catalog — but new ones can be added at any time, so keep your version current.

What is the most severe Cisco IP Phones vulnerability?

Among tracked issues, CVE-2015-4226 (HIGH, CVSS 7.1) ranks highest — a CWE-399 weakness.

Is Cisco IP Phones safe to use?

It depends on the version. The latest supported Cisco IP Phones release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.

CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Cisco IP Phones security status · Cisco IP Phones end-of-life · actively-exploited CVEs. Always verify against Cisco's advisories — see our disclaimer.