Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

2022-04-0616:00:00

tools.cisco.com

cisco ip phone

csrf

multiplatform firmware

vulnerability

web-based interface

software updates

denial of service

EPSS

0.001

Percentile

33.4%

JSON

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system.

This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx”]

Affected configurations

Vulners

Node

ciscoip_phone_8800_series_with_multiplatform_firmwareMatchany

ciscoip_phone_6825_with_multiplatform_firmwareMatchany

ciscounified_ip_phoneMatch7800_series_with_multiplatform_firmware

ciscounified_ip_phoneMatch6800_series_with_multiplatform_firmware

ciscounified_ip_phoneMatch8800_series_with_multiplatform_firmware

ciscoip_phone_6825_with_multiplatform_firmwareMatchany

VendorProductVersionCPE
ciscoip_phone_8800_series_with_multiplatform_firmwareanycpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:any:*:*:*:*:*:*:*
ciscoip_phone_6825_with_multiplatform_firmwareanycpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:any:*:*:*:*:*:*:*
ciscounified_ip_phone7800_series_with_multiplatform_firmwarecpe:2.3:h:cisco:unified_ip_phone:7800_series_with_multiplatform_firmware:*:*:*:*:*:*:*
ciscounified_ip_phone6800_series_with_multiplatform_firmwarecpe:2.3:h:cisco:unified_ip_phone:6800_series_with_multiplatform_firmware:*:*:*:*:*:*:*
ciscounified_ip_phone8800_series_with_multiplatform_firmwarecpe:2.3:h:cisco:unified_ip_phone:8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ip_phone_8800_series_with_multiplatform_firmware	any	cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:any:::::::*
cisco	ip_phone_6825_with_multiplatform_firmware	any	cpe:2.3:o:cisco:ip_phone_6825_with_multiplatform_firmware:any:::::::*
cisco	unified_ip_phone	7800_series_with_multiplatform_firmware	cpe:2.3:h:cisco:unified_ip_phone:7800_series_with_multiplatform_firmware:::::::*
cisco	unified_ip_phone	6800_series_with_multiplatform_firmware	cpe:2.3:h:cisco:unified_ip_phone:6800_series_with_multiplatform_firmware:::::::*
cisco	unified_ip_phone	8800_series_with_multiplatform_firmware	cpe:2.3:h:cisco:unified_ip_phone:8800_series_with_multiplatform_firmware:::::::*