Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities
CVE-2023-20079

9.8CRITICAL

Key Information:

Vendor: Cisco
Status: Cisco Ip Phones With Multiplatform Firmware
Vendor: CVE Published:; 3 March 2023

Badges

👾 Exploit Exists

Summary

Multiple vulnerabilities exist within the web-based management interface of various Cisco IP Phones, enabling unauthenticated remote attackers to execute arbitrary code or trigger a denial of service (DoS) situation. These threats pose significant risks to the security and functioning of the devices. It is crucial for organizations to identify and remediate these vulnerabilities to protect their communication infrastructure.

Affected Version(s)

Cisco IP Phones with Multiplatform Firmware

References

https://sec.cloudapps.cisco.com/security/center/content/C...

vendor-advisory

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Oct 28, 2024
Vulnerability published
Mar 3, 2023
Vulnerability Reserved
Oct 27, 2022