CVE-2023-20221

Name of the Vulnerable Software and Affected Versions Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware (affected versions not specified) Cisco Video Phone 8875 (affected versions not specified)

Description The issue is related to insufficient CSRF protections for the web-based management interface of affected devices, allowing an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. An attacker could exploit this by persuading an authenticated user to follow a crafted link, potentially leading to a Denial of Service (DoS) condition through a factory reset of the affected device.

Recommendations As a temporary workaround, consider disabling access to the web-based management interface until a patch is available. Restrict access to the management interface to minimize the risk of exploitation. Avoid following crafted links from untrusted sources to prevent potential CSRF attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.