
Critical Flaw in Cisco IP Phone Series Exposes Customers to Command Injection Attack

by crpt os


Mar 02, 2023 | Ravie Lakshmanan | Enterprise Security / Network Security

Cisco on Wednesday rolled out security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products.

The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based management interface arising due to insufficient validation of user-supplied input.

Successful exploitation of the bug could allow an unauthenticated, remote attacker to inject arbitrary commands that are executed with the highest privileges on the underlying operating system.

“An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface,” Cisco said in an alert published on March 1, 2023.

Also patched by the company is a high-severity denial-of-service (DoS) vulnerability affecting the same set of devices, as well as the Cisco Unified IP Conference Phone 8831 and Unified IP Phone 7900 Series.

CVE-2023-20079 (CVSS score: 7.5), also a result of insufficient validation of user-supplied input in the web-based management interface, could be abused by an adversary to cause a DoS condition.

While Cisco has released Cisco Multiplatform Firmware version 11.3.7SR1 to resolve CVE-2023-20078, the company said it does not plan to fix CVE-2023-20079, as both the Unified IP Conference Phone models have entered end-of-life (EoL).
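As an added example (not from Cisco or the original article), the following triage sketch checks a phone inventory for Multiplatform Firmware builds older than 11.3.7SR1. The CSV layout, the host names and the assumption that versions are written as on this page (`major.minor.patch` with an optional `SRn` suffix) are constructed for illustration.

```python
import csv
import io
import re

FIXED = "11.3.7SR1"  # fixed release named in the article for CVE-2023-20078

# Assumption: versions are written like "11.3.7SR1" (optional SRn suffix).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:SR(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Return (major, minor, patch, sr) or None when the format is unknown."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, sr = m.groups()
    # A build without an SR suffix sorts before SR1 of the same release.
    return (int(major), int(minor), int(patch), int(sr or 0))


def triage(inventory_csv, fixed=FIXED):
    """Map each host to 'patched', 'needs-upgrade' or 'manual-review'."""
    fixed_key = parse_version(fixed)
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        key = parse_version(row["firmware"])
        if key is None:
            result[row["host"]] = "manual-review"  # never assume patched
        elif key >= fixed_key:
            result[row["host"]] = "patched"
        else:
            result[row["host"]] = "needs-upgrade"
    return result


# Constructed sample inventory (hosts, models and versions are made up).
SAMPLE = """host,model,firmware
phone-lobby,6821,11.3.7
phone-desk12,7841,11.3.7SR1
phone-conf3,8851,11.3.6SR2
phone-exec1,8861,12.0.1
phone-lab,8845,sip88xx.14-1-1
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

A "patched" result here speaks only to CVE-2023-20078; per the article, no fix is planned for CVE-2023-20079.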

The company said it’s not aware of any malicious exploitation attempts targeting the flaw. It also said the flaws were discovered during internal security testing.

The advisory comes as Aruba Networks, a subsidiary of Hewlett Packard Enterprise, released an update to ArubaOS to remediate multiple unauthenticated command injection and stack-based buffer overflow flaws (from CVE-2023-22747 through CVE-2023-22752, CVSS scores: 9.8) that could result in code execution.
