PT-2023-1613 · Cisco · Cisco IP Phone 7800+2

Zack Sanchez · Published 2023-03-01 · Updated 2023-03-10 · CVE-2023-20079

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cisco IP Phone 6800 versions (affected versions not specified)
Cisco IP Phone 7800 versions (affected versions not specified)
Cisco IP Phone 8800 versions (affected versions not specified)

Description

The issue is related to the web-based management interface of certain Cisco IP Phones, which could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. This could lead to a disruption in service.

Recommendations

For Cisco IP Phone 6800, update to a version that addresses the vulnerability.
For Cisco IP Phone 7800, update to a version that addresses the vulnerability.
For Cisco IP Phone 8800, update to a version that addresses the vulnerability.
As a temporary workaround, consider restricting access to the web-based management interface until a patch is available.

Fix

Stack Overflow

RCE

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-01115
CVE-2023-20079

Affected Products

Cisco IP Phone 6800
Cisco IP Phone 7800
Cisco IP Phone 8800