Cisco Releases Security Update for IP Phone Systems

24 Mar

Cisco Releases Security Update for IP Phone Systems

Cisco has released software fixes for multiple versions of firmware running on some of its IP phones, the company announced in an advisory. The advisory covers two vulnerabilities that affect six products, including the 6800 series, 7800 series, and 8800 series phones running the company’s multiplatform firmware.

The first vulnerability, CVE-2023-20078 (CVSS score 9.8), allows an unauthenticated remote attacker to send a crafted request to the phone’s web-based management interface and execute arbitrary operating system commands with root privilege. The second vulnerability, CVE-2023-20079 (CVSS score 7.5), allows an unauthenticated remote attacker to force a device reload, leading to denial-of-service. Affected firmware versions are prior to 11.3.7SR1, however, the affected United IP conference phones are already end-of-life and won’t be patched.

The vulnerabilities were discovered during internal security testing. Cisco has released software fixes for the affected products and recommends users update their firmware as soon as possible.

Tags:

Cisco,remote code execution,Security,Vulnerabilities,Vulnerability

Cisco Releases Security Update for IP Phone Systems

Cisco Releases Security Update for IP Phone Systems

Tags:

Cloud Backup Feature for TOTP Codes Now Available on Google Authenticator App

Accounts left vulnerable to permanent compromise due to Google OAuth bug

How Fancy Bear Infected Routers Using an Old SNMP Bug

AI-generated YouTube videos used to distribute difficult-to-detect malware loader

Navigation

Connect with us on social