Cisco fixed critical flaw CVE-2023-20078 in Cisco IP Phone 6800, 7800, 7900, and 8800 Series

Two vulnerabilities have been identified in the web UI of Cisco IP Phone 6800, 7800, 7900, and 8800 Series devices, exposing them to command injection and denial of service (DoS) attacks. They have been assigned CVE-2023-20078 and CVE-2023-20079, respectively.

CVE-2023-20078

The vulnerability CVE-2023-20078 (CVSS score of 9.8) in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series Multiplatform Phones could allow attackers to execute arbitrary commands with root privileges because user-supplied input is insufficiently validated. An attacker could send a crafted request to the web-based management interface and thereby execute arbitrary commands on the underlying operating system of the affected device.

The vulnerability CVE-2023-20079 (CVSS score of 7.5) in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series Multiplatform Phones, as well as Cisco Unified IP Conference Phone 8831 and Unified IP Phone 7900 Series Phones, could allow attackers to cause a DoS condition, again through insufficient validation of user-supplied input. In this case, a crafted request to the web-based management interface could cause the affected device to reload, resulting in a denial of service.

IP Phone 6800, 7800, and 8800 Series

Cisco Multiplatform Firmware Release | First Fixed Release for CVE-2023-20078 | First Fixed Release for CVE-2023-20079
Earlier than 11.3.7SR1               | 11.3.7SR1                              | Migrate to a fixed release.
12.0.1                               | Not affected.                          | Not affected.
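The fixed-release table above is easy to misread in bulk: a release string such as "11.3.7" sorts before "11.3.7SR1", and the DoS flaw has no fix at all within the 11.3.x train. The following is an added example (not code from the article or from Cisco) that parses Cisco Multiplatform Firmware release strings, orders them correctly with the "SRn" suffix, and maps each phone in a constructed inventory to the action the table calls for. It assumes, as the table implies but does not spell out, that "migrate to a fixed release" for CVE-2023-20079 means moving to 12.0.1, and that any release at or above 12.0.1 is not affected; the hostnames and release strings in the sample inventory are made up.

```python
import re
from dataclasses import dataclass

# Version boundaries taken from the fixed-release table in the article.
FIXED_CVE_2023_20078 = "11.3.7SR1"  # first fixed release for the command-injection flaw
FIXED_CVE_2023_20079 = "12.0.1"     # assumption: "migrate to a fixed release" means 12.0.1


@dataclass(frozen=True, order=True)
class MppRelease:
    """Cisco Multiplatform Firmware release, ordered as a (major, minor, patch, sr) tuple."""
    major: int
    minor: int
    patch: int
    sr: int = 0  # service-release number; 0 when the string has no "SRn" suffix


# Matches "11.3.7" and "11.3.7SR1"; anything else is rejected rather than guessed.
_RELEASE_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:SR(\d+))?$", re.IGNORECASE)


def parse_release(text: str) -> MppRelease:
    """Parse a release string; raise ValueError for strings we cannot order safely."""
    m = _RELEASE_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Cisco MPP release string: {text!r}")
    major, minor, patch, sr = m.groups()
    return MppRelease(int(major), int(minor), int(patch), int(sr) if sr else 0)


def assess(release_text: str) -> dict:
    """Map one release string to the advisory's action for each CVE.

    Assumption (not stated in the article): releases at or above 12.0.1 are not affected.
    """
    rel = parse_release(release_text)
    fixed_78 = parse_release(FIXED_CVE_2023_20078)
    fixed_79 = parse_release(FIXED_CVE_2023_20079)
    if rel >= fixed_79:
        return {"CVE-2023-20078": "not affected", "CVE-2023-20079": "not affected"}
    return {
        # 11.3.7SR1 and later 11.3.x releases carry the command-injection fix.
        "CVE-2023-20078": "not affected" if rel >= fixed_78 else f"upgrade to {FIXED_CVE_2023_20078}",
        # No 11.3.x release fixes the DoS flaw; the table says to migrate.
        "CVE-2023-20079": f"migrate to {FIXED_CVE_2023_20079}",
    }


def triage(inventory):
    """Return {hostname: actions} for every phone that still needs work.

    Unparseable release strings are reported as errors rather than silently skipped,
    so an inventory export with odd formatting cannot hide an unpatched device.
    """
    needs_action = {}
    for host, release in inventory:
        try:
            status = assess(release)
        except ValueError as exc:
            needs_action[host] = {"error": str(exc)}
            continue
        actions = {cve: action for cve, action in status.items() if action != "not affected"}
        if actions:
            needs_action[host] = actions
    return needs_action


# Constructed sample inventory: hostnames and releases are made up for this example.
SAMPLE_INVENTORY = [
    ("phone-lobby-01", "11.3.6"),
    ("phone-desk-17", "11.3.7"),
    ("phone-desk-18", "11.3.7SR1"),
    ("phone-conf-03", "12.0.1"),
    ("phone-unknown", "firmware?"),
]

if __name__ == "__main__":
    for host, actions in triage(SAMPLE_INVENTORY).items():
        print(host, actions)
```

Running it over the sample inventory flags the 11.3.6 and 11.3.7 phones for both CVEs, the 11.3.7SR1 phone only for the DoS flaw, reports the malformed entry as an error, and leaves the 12.0.1 phone out entirely. Feeding it a real export from your phone management system is the useful part; the ordering rule for the SR suffix is where ad-hoc string comparisons usually go wrong.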

Cisco has released software updates that address these vulnerabilities. Users of these Cisco products are advised to apply the relevant security updates as soon as possible to protect against potential exploitation of these vulnerabilities. There are no workarounds that address these vulnerabilities.

Note that these vulnerabilities affect only devices running vulnerable releases of Cisco Multiplatform Firmware or Cisco Unified Software. Users should confirm that their devices are running fixed versions of these products, and should regularly check for and apply software updates to reduce their exposure to security risks.