PT-2023-1613 · Cisco · Cisco Ip Phone 7800+2
Zack Sanchez
·
Publicado
2023-03-01
·
Atualizado
2023-03-10
·
CVE-2023-20079
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco IP Phone 6800 versions (affected versions not specified)
Cisco IP Phone 7800 versions (affected versions not specified)
Cisco IP Phone 8800 versions (affected versions not specified)
Description
The issue is related to the web-based management interface of certain Cisco IP Phones, which could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. This could lead to a disruption in service.
Recommendations
For Cisco IP Phone 6800, update to a version that addresses the vulnerability.
For Cisco IP Phone 7800, update to a version that addresses the vulnerability.
For Cisco IP Phone 8800, update to a version that addresses the vulnerability.
As a temporary workaround, consider restricting access to the web-based management interface until a patch is available.
Correção
Stack Overflow
RCE
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Cisco Ip Phone 6800
Cisco Ip Phone 7800
Cisco Ip Phone 8800