Description

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition.

Related CPE's

o

cisco

video_phone_8875_firmware

Vulnerable

h

cisco

video_phone_8875

-

o

cisco

ip_phone_6821_with_multiplatform_firmware

31

h

cisco

ip_phone_6821

-

o

cisco

ip_phone_6825_with_multiplatform_firmware

31

h

cisco

ip_phone_6825

-

o

cisco

ip_phone_6841_with_multiplatform_firmware

31

h

cisco

ip_phone_6841

-

o

cisco

ip_phone_6851_with_multiplatform_firmware

31

h

cisco

ip_phone_6851

-

o

cisco

ip_phone_6861_with_multiplatform_firmware

31

h

cisco

ip_phone_6861

-

o

cisco

ip_phone_6871_with_multiplatform_firmware

31

h

cisco

ip_phone_6871

-

o

cisco

ip_conference_phone_7832_with_multiplatform_firmware

31

h

cisco

ip_conference_phone_7832

-

o

cisco

ip_phone_7811_with_multiplatform_firmware

31

h

cisco

ip_phone_7811

-

o

cisco

ip_phone_7821_with_multiplatform_firmware

31

h

cisco

ip_phone_7821

-

o

cisco

ip_phone_7841_with_multiplatform_firmware

31

h

cisco

ip_phone_7841

-

o

cisco

ip_phone_7861_with_multiplatform_firmware

31

h

cisco

ip_phone_7861

-

o

cisco

ip_conference_phone_8831_with_multiplatform_firmware

31

h

cisco

ip_conference_phone_8831

-

o

cisco

ip_conference_phone_8832_with_multiplatform_firmware

31

h

cisco

ip_conference_phone_8832

-

o

cisco

ip_phone_8800_key_expansion_module_with_multiplatform_firmware

31

h

cisco

ip_phone_8800_key_expansion_module

-

o

cisco

ip_phone_8811_with_multiplatform_firmware

31

h

cisco

ip_phone_8811

-

o

cisco

ip_phone_8841_with_multiplatform_firmware

31

h

cisco

ip_phone_8841

-

o

cisco

ip_phone_8845_with_multiplatform_firmware

31

h

cisco

ip_phone_8845

-

o

cisco

ip_phone_8851_with_multiplatform_firmware

31

h

cisco

ip_phone_8851

-

o

cisco

ip_phone_8851_key_expansion_module_with_multiplatform_firmware

31

h

cisco

ip_phone_8851_key_expansion_module

-

o

cisco

ip_phone_8861_key_expansion_module_with_multiplatform_firmware

31

h

cisco

ip_phone_8861_key_expansion_module

-

o

cisco

ip_phone_8861_with_multiplatform_firmware

31

h

cisco

ip_phone_8861

-

o

cisco

ip_phone_8865_with_multiplatform_firmware

31

h

cisco

ip_phone_8865

-

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-352

[email protected]

Secondary
CWE-352

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.5 · Medium

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2023-08-16T22:15:11.687

11 months ago

Last modified

2024-02-08T19:07:51.023

5 months ago