Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-VOIP-PHONE-CSRF-K56VXVVX
HistoryApr 06, 2022 - 4:00 p.m.

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

2022-04-0616:00:00
tools.cisco.com
23

0.001 Low

EPSS

Percentile

33.6%

JSON

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system.

This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx”]

Affected configurations

Vulners
Node
ciscoip_phone_8800_seriesMatchany
OR
ciscoip_phone_8800_seriesMatchany
OR
ciscoip_phone_8800_series_with_multiplatform_firmwareMatchany
OR
ciscoip_qmMatchany
OR
ciscoip_phone_8800_seriesMatch7800_series_with_multiplatform_firmware
OR
ciscoip_phone_8800_seriesMatch6800_series_with_multiplatform_firmware
OR
ciscoip_phone_8800_seriesMatch8800_series_with_multiplatform_firmware
OR
ciscoip_qmMatchany

Related

nvd 1
cvelist 1
cve 1
prion 1
nessus 1
nvd
nvd
CVE-2022-20774
2022-04-06 19:15:08
cvelist
cvelist
CVE-2022-20774 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability
2022-04-06 00:00:00
cve
cve
CVE-2022-20774
2022-04-06 19:15:08
prion
prion
Cross site request forgery (csrf)
2022-04-06 19:15:00
nessus
nessus
Cisco IP Phones 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery (CVE-2022-20774)
2024-03-18 00:00:00

0.001 Low

EPSS

Percentile

33.6%

JSON
Related for CISCO-SA-VOIP-PHONE-CSRF-K56VXVVX
nvd1cvelist1cve1prion1nessus1