Overview

 

This vulnerability exists in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware. It could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. A successful exploit could allow an attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.

Full description of the vulnerability is available on the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx

What do you need to do?

 

Confirm whether you are using either of the impacted products:

• IP Phone 6800 Series with Multiplatform Firmware
• IP Phone 7800 Series with Multiplatform Firmware
• IP Phone 8800 Series with Multiplatform Firmware.

2.   Check what software version you’re using on the impacted product. If the software version is 11.3.6 or higher, no action is required.

3. If the software version of your impacted product is 11.3.5 or lower, download the latest software to the impacted product. The software should be 11.3.6 firmware version or higher. Click here to download the latest software. Log in will be required to your Cisco’s CCO download repository for this page.

Service notice

If you haven't already done so, bookmark this website and register your details to receive email alerts.