Affected Devices

Vulnerability in Cisco IP Phones: Security Advisory Released

Affected Devices:

• Cisco IP Phone 6800 Series
• Cisco IP Phone 7800 Series
• Cisco IP Phone 8800 Series

Overview:

Cisco has released a security advisory to address vulnerabilities affecting a subset of its IP Phone products. These vulnerabilities could allow an unauthenticated remote attacker to gain access to the device's web-based management interface.

Vulnerabilities:

1. A vulnerability in the web-based management interface could allow an attacker to access device information through crafted HTTP requests.
2. A vulnerability in the Discovery Protocol implementation could allow an attacker to discover sensitive information about the network.
3. A vulnerability in the IP Phone firmware could allow an attacker to execute arbitrary code with elevated privileges.

Impact:

These vulnerabilities could allow an attacker to:

• Gain access to sensitive information, such as usernames, passwords, and network topology.
• Execute arbitrary code on the affected device.
• Disrupt voice communication services.

Mitigations:

Cisco recommends the following mitigations:

• Upgrade to the latest software version that addresses the vulnerabilities.
• Disable the web-based management interface if it is not required.
• Restrict access to the Discovery Protocol to trusted devices.
• Implement network segmentation to isolate affected devices from critical network resources.

Additional Resources:

• Cisco Security Advisory: IP Phone NVE Vulnerabilities
• Cisco Security Advisory: IP Phone Vulnerabilities