Kent Yoder

**Name of the Vulnerable Software and Affected Versions** Cisco Desk Phone 9800 Series Cisco IP Phone 7800 and 8800 Series Cisco Video Phone 8875 **Description** A vulnerability exists in the directory permissions of the affected devices, potentially allowing an unauthenticated, remote attacker to write arbitrary files on the device. This is due to a lack of proper authentication controls. An attacker could exploit this by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system. To exploit this vulnerability, Web Access must be enabled on the phone. **Recommendations** Ensure Web Access is disabled on the devices, as it is disabled by default.