Design/Logic Flaw

2023-03-0316:15:00

PRIOn knowledge base

www.prio-n.com

cisco ip phones

web-based management

remote attacker

arbitrary code

denial of service

nvd

7.9 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.3%

JSON

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

CPENameOperatorVersion
ip_phone_6825_firmwareeq< 11.3.7sr1
ip_phone_6841_firmwareeq< 11.3.7sr1
ip_phone_6851_firmwareeq< 11.3.7sr1
ip_phone_6861_firmwareeq< 11.3.7sr1
ip_phone_6871_firmwareeq< 11.3.7sr1
ip_phone_7811_firmwareeq< 11.3.7sr1
ip_phone_7821_firmwareeq< 11.3.7sr1
ip_phone_7832_firmwareeq< 11.3.7sr1
ip_phone_7841_firmwareeq< 11.3.7sr1
ip_phone_7861_firmwareeq< 11.3.7sr1

Name	Operator	Version
ip_phone_6825_firmware	eq	< 11.3.7sr1
ip_phone_6841_firmware	eq	< 11.3.7sr1
ip_phone_6851_firmware	eq	< 11.3.7sr1
ip_phone_6861_firmware	eq	< 11.3.7sr1
ip_phone_6871_firmware	eq	< 11.3.7sr1
ip_phone_7811_firmware	eq	< 11.3.7sr1
ip_phone_7821_firmware	eq	< 11.3.7sr1
ip_phone_7832_firmware	eq	< 11.3.7sr1
ip_phone_7841_firmware	eq	< 11.3.7sr1
ip_phone_7861_firmware	eq	< 11.3.7sr1