PT-2025-35814 · Cisco · Cisco Desk Phone 9800 Series+3
Zach Sanchez
·
Published
2025-09-03
·
Updated
2026-01-05
·
CVE-2025-20336
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco Desk Phone 9800 Series
Cisco IP Phone 7800 and 8800 Series
Cisco Video Phone 8875
Description
A vulnerability in the directory permissions of the affected devices could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability exists because the product exposes sensitive information to an unauthorized actor. An attacker could exploit this by sending a crafted packet to the IP address of a device with Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device.
Recommendations
Ensure Web Access is disabled on the devices, as it is disabled by default.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cisco Desk Phone 9800 Series
Cisco Ip Phone 7800 Series
Cisco Ip Phone 8800 Series
Cisco Video Phone 8875