Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities

2023-03-0116:00:00

tools.cisco.com

cisco

ip phone

web-based

management interface

vulnerabilities

remote attacker

arbitrary code

denial of service

software updates

advisory

security advisory

0.003 Low

EPSS

Percentile

68.9%

JSON

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.

For more information about these vulnerabilities, see the Details [“#details”] section of this advisory.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP”]

Affected configurations

Vulners

Node

ciscoip_phone_7811_with_multiplatform_firmwareMatchany

ciscosession_initiation_protocol_\(sip\)_firmwareMatchany

ciscoip_phone_7811_with_multiplatform_firmwareMatchany

ciscosession_initiation_protocol_\(sip\)_firmwareMatchany

CPENameOperatorVersion
cisco ip phones with multiplatform firmwareeqany
cisco session initiation protocol (sip) softwareeqany
cisco ip phones with multiplatform firmwareeqany
cisco session initiation protocol (sip) softwareeqany

Name	Operator	Version
cisco ip phones with multiplatform firmware	eq	any
cisco session initiation protocol (sip) software	eq	any
cisco ip phones with multiplatform firmware	eq	any
cisco session initiation protocol (sip) software	eq	any