Cisco IP Phone 6800, 7800, and 8800 Series Web UI Vulnerabilities (CVE-2023-20078 and CVE-2023-20079)
CVE numbers CVE-2023-20078 and CVE-2023-20079
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
Vulnerable Products
CVE-2023-20078
This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco Multiplatform Firmware:
- IP Phone 6800 Series with Multiplatform Firmware
- IP Phone 7800 Series with Multiplatform Firmware
- IP Phone 8800 Series with Multiplatform Firmware
CVE-2023-20079
This vulnerability affects the following Cisco products if they are running a vulnerable release of Cisco Multiplatform Firmware or Cisco Unified Software:
- IP Phone 6800 Series with Multiplatform Firmware
- IP Phone 7800 Series with Multiplatform Firmware
- IP Phone 8800 Series with Multiplatform Firmware
- Unified IP Conference Phone 8831
- Unified IP Conference Phone 8831 with Multiplatform Firmware
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP
I am one of the editors here at www.systemtek.co.uk I am a UK based technology professional, with an interest in computer security and telecoms.