CVE-2023-20078

Name of the Vulnerable Software and Affected Versions Cisco IP Phone versions prior to the fixed version

Description Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability is related to the possibility of command injection, which may allow a remote attacker to execute arbitrary code with root privileges.

Recommendations For Cisco IP Phone 6800, 7800, 7900, and 8800 Series products, update to the latest security patch released by Cisco to fix the critical vulnerability. As a temporary workaround, consider restricting access to the web-based management interface until a patch is applied. Avoid using the vulnerable web-based management interface until the issue is resolved. At the moment, there is no information about additional mitigation measures.