PT-2019-1722 · Cisco · Cisco IP Conference Phone 8831 and 4 other products
Published: 2019-03-20 · Updated: 2019-10-09 · CVE-2019-1716
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cisco IP Phone 8800 versions prior to 12.5(1)SR1
Cisco IP Phone 7800 versions prior to 12.5(1)SR1
Cisco IP Phone 8821 versions prior to 11.0(4)SR3
Cisco IP Phone 8821-EX versions prior to 11.0(4)SR3
Cisco IP Conference Phone 8831 versions prior to 10.3(1)SR5
Description
The issue is related to insufficient validation of user-supplied input during authentication in the web-based management interface of Cisco IP Phones. This could allow a remote attacker to cause a denial of service condition or execute arbitrary code. An attacker could exploit this by connecting to an affected device using HTTP and supplying malicious user credentials, potentially triggering a reload of the device or executing code with the privileges of the app user.
Recommendations
For Cisco IP Phone 8800 versions prior to 12.5(1)SR1, update to version 12.5(1)SR1 or later.
For Cisco IP Phone 7800 versions prior to 12.5(1)SR1, update to version 12.5(1)SR1 or later.
For Cisco IP Phone 8821 versions prior to 11.0(4)SR3, update to version 11.0(4)SR3 or later.
For Cisco IP Phone 8821-EX versions prior to 11.0(4)SR3, update to version 11.0(4)SR3 or later.
For Cisco IP Conference Phone 8831 versions prior to 10.3(1)SR5, update to version 10.3(1)SR5 or later.
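The recommendations above can be turned into an inventory check. The following is an added example, not code from this advisory or from Cisco; it assumes firmware versions are recorded in the `major.minor(maint)SRn` form used on this page, that a release with no SR suffix predates SR1 of the same base, and that the inventory rows, hostnames and function names are hypothetical.

```python
import re

# Fixed releases per product, taken from the advisory's recommendations.
FIXED = {
    "Cisco IP Phone 8800": "12.5(1)SR1",
    "Cisco IP Phone 7800": "12.5(1)SR1",
    "Cisco IP Phone 8821": "11.0(4)SR3",
    "Cisco IP Phone 8821-EX": "11.0(4)SR3",
    "Cisco IP Conference Phone 8831": "10.3(1)SR5",
}

_VERSION = re.compile(r"(\d+)\.(\d+)\((\d+)\)(?:SR(\d+))?", re.IGNORECASE)

def parse_version(text):
    """Turn '12.5(1)SR1' into (12, 5, 1, 1); a missing SR suffix counts as SR0 (assumption)."""
    m = _VERSION.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def status(product, version):
    """Return 'vulnerable', 'fixed', or 'unknown' for one device."""
    fixed = FIXED.get(product)
    if fixed is None:
        return "unknown"  # product is not covered by this advisory's list
    try:
        return "vulnerable" if parse_version(version) < parse_version(fixed) else "fixed"
    except ValueError:
        return "unknown"  # version string needs manual review

def audit(inventory):
    """Map hostname -> status for (hostname, product, version) rows."""
    return {host: status(product, version) for host, product, version in inventory}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("lobby-01", "Cisco IP Phone 8800", "12.1(1)SR1"),
    ("desk-17", "Cisco IP Phone 7800", "12.5(1)SR1"),
    ("wh-03", "Cisco IP Phone 8821", "11.0(4)SR2"),
    ("conf-2a", "Cisco IP Conference Phone 8831", "10.3(1)"),
    ("lab-09", "Cisco IP Phone 8821-EX", "sip8821.11-0-5"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```

Devices reported as "unknown" carry a version string the parser does not recognise and should be checked by hand rather than assumed fixed.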
Fix
RCE
Affected Products
Cisco IP Conference Phone 8831
Cisco IP Phone 7800
Cisco IP Phone 8800
Cisco IP Phone 8821
Cisco IP Phone 8821-EX