Critical Flaw in Cisco IP Phone Series Exposes Users to Command Injection Attack

March 2, 2023

Cisco on Wednesday rolled out security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products.

The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based management interface arising from insufficient validation of user-supplied input.

Successful exploitation of the bug could allow an unauthenticated, remote attacker to inject arbitrary commands that are executed with the highest privileges on the underlying operating system.

“An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface,” Cisco said in an alert published on March 1, 2023.

Also patched by the company is a high-severity denial-of-service (DoS) vulnerability affecting the same set of devices, as well as the Cisco Unified IP Conference Phone 8831 and Unified IP Phone 7900 Series.

CVE-2023-20079 (CVSS score: 7.5), also a result of insufficient validation of user-supplied input in the web-based management interface, could be abused by an adversary to cause a DoS condition.

While Cisco has released Cisco Multiplatform Firmware version 11.3.7SR1 to resolve CVE-2023-20078, the company said it does not plan to fix CVE-2023-20079, as both the Unified IP Conference Phone models have entered end-of-life (EoL).

The company said it is not aware of any malicious exploitation attempts targeting the flaw. It also said the flaws were discovered during internal security testing.

The advisory comes as Aruba Networks, a subsidiary of Hewlett Packard Enterprise, released an update to ArubaOS to remediate multiple unauthenticated command injection and stack-based buffer overflow flaws (from CVE-2023-22747 through CVE-2023-22752, CVSS scores: 9.8) that could result in code execution.

Some parts of this post are sourced from:
thehackernews.com
