Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities
CVE-2023-20078

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Ip Phones With Multiplatform Firmware
Vendor: CVE Published:; 3 March 2023

Badges

👾 Exploit Exists

Summary

Certain Cisco IP Phones are susceptible to multiple vulnerabilities within their web-based management interface. An unauthenticated remote attacker could leverage these weaknesses to execute arbitrary code, potentially resulting in compromised devices and disrupted operations. Additionally, these vulnerabilities could lead to a denial of service (DoS) condition, affecting the availability and functionality of the phones. It is essential for users to address these vulnerabilities promptly by consulting Cisco's advisory for detailed remediation steps.

Affected Version(s)

Cisco IP Phones with Multiplatform Firmware

References

https://sec.cloudapps.cisco.com/security/center/content/C...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Oct 28, 2024
Vulnerability published
Mar 3, 2023
Vulnerability Reserved
Oct 27, 2022