Home

Description

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

PUBLISHED Reserved 2022-10-27 | Published 2023-03-03 | Updated 2024-10-28 | Assigner cisco




CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-121

Product status

Any version
affected

References

sec.cloudapps.cisco.com/...isco-sa-ip-phone-cmd-inj-KMFynVcP (20230302 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities) vendor-advisory

sec.cloudapps.cisco.com/...isco-sa-ip-phone-cmd-inj-KMFynVcP (20230302 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities) vendor-advisory

cve.org (CVE-2023-20079)

nvd.nist.gov (CVE-2023-20079)

Download JSON