Overview

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system.

IP Phone 6800, 7800, and 8800 Multiplatform Firmware

Cisco Multiplatform Firmware Release	First Fixed Release
11.3 and earlier	Affected, please migrate to a fixed release.
12.0	Not vulnerable.

Video Phone 8875

Cisco PhoneOS Release	First Fixed Release
1.0	Affected, please migrate to a fixed release.
2.0	Not vulnerable.
2.1	Not vulnerable.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Full description of the vulnerability is available on the following link:

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

What do you need to do?

1.  Confirm whether you’re using any of the impacted devices:

• IP Phone 6800 Series with Multiplatform Firmware
• IP Phone 7800 Series with Multiplatform Firmware
• IP Phone 8800 Series with Multiplatform Firmware
• Video Phone 8875

2.   If you’re using any of the impacted devices with the affected software, please download the newest software version.

3.   To get the relevant software, refer to the files below.

IP Phone 6800 Series with Multiplatform Firmware:

• 6821 - Download link
• 6841/51/61/71 - Download link

IP Phone 7800 Series with Multiplatform Firmware

• 7811/21/41/61 - Download link
• 7832 - Download link

IP Phone 8800 Series with Multiplatform Firmware

• 8811/41/51/51NR/61 - Download link
• 8845/65/65NR - Download link
• 8831 - EoL
• 8832/32NR - Download link
• 8821/21-EX - Download link

Video Phone 8875 - Download link

Service notice

If you haven't already done so, bookmark this website and register your details to receive email alerts.