Cisco has released security updates to patch two vulnerabilities, CVE-2025-20350 and CVE-2025-20351, affecting multiple Cisco Desk Phone and IP Phone models, including the 9800, 7800, 8800 and 8875 series. Both flaws sit in the phones' web interface and could allow an unauthenticated remote attacker to cause a denial-of-service (DoS) condition or perform a cross-site scripting (XSS) attack.
The first flaw, CVE-2025-20350, carries a CVSS base score of 7.5 (High) and affects the web interface of Cisco Desk and IP Phones running Cisco SIP Software.
It stems from a buffer overflow vulnerability triggered when the device processes malicious HTTP input.
“This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition,” the company explained.
Cisco confirmed that Web Access must be enabled and the device registered to Cisco Unified Communications Manager for the flaw to be exploitable.
Fortunately, Web Access is disabled by default, which limits exposure for most deployments. Cisco lists no workarounds, but it has released fixed firmware to address the issue, and leaving Web Access disabled removes the affected attack surface until the upgrade is applied.
The second flaw, CVE-2025-20351, is rated Medium with a CVSS score of 6.1. It affects the same product line but involves insufficient input validation within the web interface, potentially allowing attackers to execute arbitrary JavaScript code in the victim’s browser.
“This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information,” Cisco said.
As with the DoS flaw, exploitation requires that Web Access be manually enabled, since it is disabled by default. There are no workarounds beyond disabling Web Access entirely.
Cisco confirmed that the following products are affected if running vulnerable releases of Cisco SIP Software, registered to Cisco Unified Communications Manager, and with Web Access enabled:
- Cisco Desk Phone 9800 Series
- Cisco IP Phone 7800 Series
- Cisco IP Phone 8800 Series
- Cisco Video Phone 8875
Cisco strongly recommends that all customers upgrade to fixed releases as the only permanent mitigation.
The fixed versions include:
- Desk Phone 9800 Series: SIP Software 3.3(1)
- IP Phone 7800/8800 Series: SIP Software 14.3(1)SR2 and 14.4(1)
- IP Phone 8821: SIP Software 11.0(6)SR7
- Video Phone 8875: SIP Software 3.3(1)
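The two exploitation preconditions above (Web Access enabled and registration to Cisco Unified Communications Manager) plus the per-series fixed releases are what a practitioner needs to triage a phone fleet. The following is an added example, not Cisco's code or tooling: it parses Cisco SIP Software version strings of the form `14.3(1)SR2`, compares each phone against the fixed release for its software train, and reports whether the phone is actually exposed. The inventory is constructed for illustration; the assumption that a train older than any listed fixed train is vulnerable, and that a train newer than any listed one is unknown rather than fixed, is mine and is marked in the code.

```python
import re
from dataclasses import dataclass

# Fixed releases exactly as listed in the advisory summary, keyed by phone series.
# Where two releases are listed (7800/8800), each belongs to a different software train.
FIXED_RELEASES = {
    "9800": ["3.3(1)"],
    "7800": ["14.3(1)SR2", "14.4(1)"],
    "8800": ["14.3(1)SR2", "14.4(1)"],
    "8821": ["11.0(6)SR7"],
    "8875": ["3.3(1)"],
}

# Cisco SIP Software versions look like MAJOR.MINOR(MAINT) with an optional SRn suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)(?:SR(\d+))?$")


def parse_version(text):
    """Turn '14.3(1)SR2' into a comparable tuple (14, 3, 1, 2); no SR suffix counts as SR0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised SIP Software version: {text!r}")
    major, minor, maint, sr = m.groups()
    return (int(major), int(minor), int(maint), int(sr or 0))


@dataclass
class Phone:
    name: str
    series: str          # "9800", "7800", "8800", "8821" or "8875"
    version: str         # running SIP Software version
    web_access: bool     # Web Access setting (disabled by default)
    registered_to_cucm: bool


def assess(phone):
    """Classify a phone as 'fixed', 'exposed', 'vulnerable-not-exposed' or 'unknown'."""
    if phone.series not in FIXED_RELEASES:
        return "unknown"
    running = parse_version(phone.version)
    fixed = [parse_version(v) for v in FIXED_RELEASES[phone.series]]
    trains = sorted(f[:2] for f in fixed)

    same_train = [f for f in fixed if f[:2] == running[:2]]
    if same_train:
        vulnerable = running < same_train[0]
    elif running[:2] < trains[0]:
        # Assumption (mine, not from the advisory): a train older than every
        # listed fixed train has no fix and must be upgraded.
        vulnerable = True
    else:
        # A train newer than any listed fixed train is not covered by the page;
        # report it rather than guess.
        return "unknown"

    if not vulnerable:
        return "fixed"
    # Both CVEs require Web Access enabled and CUCM registration to be exploitable.
    if phone.web_access and phone.registered_to_cucm:
        return "exposed"
    return "vulnerable-not-exposed"


def triage(inventory):
    """Return {phone name: status} for a list of Phone records."""
    return {p.name: assess(p) for p in inventory}


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    Phone("lobby-8845", "8800", "14.3(1)SR1", web_access=True, registered_to_cucm=True),
    Phone("desk-9841", "9800", "3.2(1)", web_access=False, registered_to_cucm=True),
    Phone("conf-8875", "8875", "3.3(1)", web_access=True, registered_to_cucm=True),
    Phone("ward-8821", "8821", "11.0(6)SR7", web_access=True, registered_to_cucm=True),
    Phone("hall-7841", "7800", "14.4(1)", web_access=True, registered_to_cucm=True),
    Phone("old-7821", "7800", "12.8(1)SR1", web_access=True, registered_to_cucm=True),
    Phone("lab-8865", "8800", "14.5(1)", web_access=True, registered_to_cucm=True),
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name:12s} {status}")
```

The point of separating "exposed" from "vulnerable-not-exposed" is prioritisation: a phone on vulnerable firmware with Web Access still at its default (disabled) is not reachable through the affected interface, so it can wait for the normal upgrade window, while an "exposed" phone should be upgraded first or have Web Access disabled immediately.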