Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability

2023-01-1116:00:00

tools.cisco.com

vulnerability

cisco

ip phone

web management

authentication

bypass

remote attacker

user input

software update

0.001 Low

EPSS

Percentile

40.5%

JSON

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR”]

Affected configurations

Vulners

Node

ciscosession_initiation_protocol_\(sip\)_firmwareMatchany

CPENameOperatorVersion
cisco session initiation protocol (sip) softwareeqany
cisco session initiation protocol (sip) softwareeqany

CPE	Name	Operator	Version
	cisco session initiation protocol (sip) software	eq	any
	cisco session initiation protocol (sip) software	eq	any

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR

0.001 Low

EPSS

Percentile

40.5%

JSON

Related for CISCO-SA-IP-PHONE-AUTH-BYPASS-PSQXZRPR