A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCisco 8831
HWCiscowszystkie wersjeCisco 8831 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 7811
HWCiscowszystkie wersjeCisco Ip Phone 7811 Firmware
OSCisco11.0\(1\)Cisco Ip Phone 7821
HWCiscowszystkie wersjeCisco Ip Phone 7821 Firmware
OSCisco11.0\(1\)Cisco Ip Phone 7841
HWCiscowszystkie wersjeCisco Ip Phone 7841 Firmware
OSCisco11.0\(1\)Cisco Ip Phone 7861
HWCiscowszystkie wersjeCisco Ip Phone 7861 Firmware
OSCisco11.0\(1\)Cisco Ip Phone 8811
HWCiscowszystkie wersjeCisco Ip Phone 8811 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8821
HWCiscowszystkie wersjeCisco Ip Phone 8821 Ex
HWCiscowszystkie wersjeCisco Ip Phone 8821 Ex Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8821 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8841
HWCiscowszystkie wersjeCisco Ip Phone 8841 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8845
HWCiscowszystkie wersjeCisco Ip Phone 8845 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8851
HWCiscowszystkie wersjeCisco Ip Phone 8851 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8861
HWCiscowszystkie wersjeCisco Ip Phone 8861 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8865
HWCiscowszystkie wersjeCisco Ip Phone 8865 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1
CISA KEV — szczegółyi
- Dostawcai
- Cisco ↗
- Produkti
- Cisco IP Phones
- Data dodania do KEVi
- 3 listopada 2021
- Termin remediation (USA)i
- 3 maja 2022(po terminie)
Zastosuj aktualizacje zgodnie z instrukcjami producenta.
▸ Pokaż oryginał (EN)
Apply updates per vendor instructions.
Telefony IP Cisco zawierają lukę polegającą na nieprawidłowej walidacji danych wejściowych dla żądań HTTP. Wykorzystanie tej luki mogłoby pozwolić atakującemu na zdalne wykonanie kodu z uprawnieniami root lub spowodowanie warunków denial-of-service (DoS).
▸ Pokaż oryginał (EN)
Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.
Powiązane podatności
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability tha...
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unaut...
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unaut...
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain eleva...
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco I...