• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
critical flaw in cisco ip phone series exposes users to

Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack

You are here: Home / General Cyber Security News / Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack
March 2, 2023

Cisco on Wednesday rolled out security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Collection products.

The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring technique and is explained as a command injection bug in the web-dependent management interface arising thanks to insufficient validation of user-provided input.

Profitable exploitation of the bug could let an unauthenticated, remote attacker to inject arbitrary instructions that are executed with the best privileges on the fundamental functioning procedure.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


“An attacker could exploit this vulnerability by sending a crafted ask for to the web-primarily based management interface,” Cisco explained in an inform released on March 1, 2023.

Also patched by the firm is a high-severity denial-of-services (DoS) vulnerability impacting the exact established of devices, as perfectly as the Cisco Unified IP Convention Phone 8831 and Unified IP Phone 7900 Collection.

CVE-2023-20079 (CVSS score: 7.5), also a consequence of inadequate validation of consumer-provided input in the web-dependent management interface, could be abused by an adversary to bring about a DoS condition.

Whilst Cisco has launched Cisco Multiplatform Firmware variation 11.3.7SR1 to resolve CVE-2023-20078, the corporation stated it does not plan to take care of CVE-2023-20079, as equally the Unified IP Meeting Phone models have entered conclude-of-life (EoL).

The firm claimed it really is not knowledgeable of any malicious exploitation tries focusing on the flaw. It also stated the flaws had been identified during internal security testing.

The advisory arrives as Aruba Networks, a subsidiary of Hewlett Packard Company, introduced an update to ArubaOS to remediate a number of unauthenticated command injection and stack-dependent buffer overflow flaws (from CVE-2023-22747 through CVE-2023-22752, CVSS scores: 9.8) that could outcome in code execution.

Observed this post attention-grabbing? Comply with us on Twitter  and LinkedIn to read additional exclusive content we publish.


Some parts of this post are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Google Workspace Adds Client-Side Encryption to Gmail and Calendar
Next Post: SysUpdate Malware Strikes Again with Linux Version and New Evasion Tactics sysupdate malware strikes again with linux version and new evasion»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
  • Some GitHub users must take action after RSA SSH host key exposed
  • THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
  • Pension Protection Fund confirms employee data exposed in GoAnywhere breach
  • GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
  • Now UK Parliament Bans TikTok from its Network and Devices
  • IRS Phishing Emails Used to Distribute Emotet
  • Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies
  • Fifth of Execs Admit Security Flaws Cost Them New Biz
  • Online Safety Bill: Why is Ofcom being thrown under the bus?

Copyright © TheCyberSecurity.News, All Rights Reserved.