HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2025-20350

CVSS 7.5v3.1pub. 2025-10-15upd. 2025-12-04

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco SIP Software could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To exploit this vulnerability, the phone must be registered to Cisco Unified Communications Manager and have Web Access enabled. Web Access is disabled by default.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Cisco Desk Phone 9841

    HW
    Cisco
    wszystkie wersje
  • Cisco Desk Phone 9841 Firmware

    OS
    Cisco
    3.0\(1\) – 3.2\(1\)
  • Cisco Desk Phone 9851

    HW
    Cisco
    wszystkie wersje
  • Cisco Desk Phone 9851 Firmware

    OS
    Cisco
    3.0\(1\) – 3.2\(1\)
  • Cisco Desk Phone 9861

    HW
    Cisco
    wszystkie wersje
  • Cisco Desk Phone 9861 Firmware

    OS
    Cisco
    3.0\(1\) – 3.2\(1\)
  • Cisco Desk Phone 9871

    HW
    Cisco
    wszystkie wersje
  • Cisco Desk Phone 9871 Firmware

    OS
    Cisco
    3.0\(1\) – 3.2\(1\)
  • Cisco Ip Phone 7811

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 7811 Firmware

    OS
    Cisco
    14.3\(1\)< 14.3\(1\)
  • Cisco Ip Phone 7821

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 7821 Firmware

    OS
    Cisco
    14.3\(1\)< 14.3\(1\)
  • Cisco Ip Phone 7841

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 7841 Firmware

    OS
    Cisco
    14.3\(1\)< 14.3\(1\)
  • Cisco Ip Phone 7861

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 7861 Firmware

    OS
    Cisco
    14.3\(1\)< 14.3\(1\)
  • Cisco Ip Phone 8811

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8811 Firmware

    OS
    Cisco
    14.3\(1\)< 14.3\(1\)
  • Cisco Ip Phone 8821

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8821 Firmware

    OS
    Cisco
    11.0\(0.7\)11.0\(1\)11.0\(2\)11.0\(3\)11.0\(4\)11.0\(5\)11.0\(6\)< 11.0\(1\)
  • Cisco Ip Phone 8832

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8832 Firmware

    OS
    Cisco
    14.3\(1\)< 14.3\(1\)
  • Cisco Ip Phone 8841

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8841 Firmware

    OS
    Cisco
    14.3\(1\)< 14.3\(1\)
  • Cisco Ip Phone 8845

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8845 Firmware

    OS
    Cisco
    14.3\(1\)< 14.3\(1\)
  • Cisco Ip Phone 8851

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8851 Firmware

    OS
    Cisco
    14.3\(1\)< 14.3\(1\)
  • Cisco Ip Phone 8861

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8861 Firmware

    OS
    Cisco
    14.3\(1\)< 14.3\(1\)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2020-3161CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execu...

CVE-2023-20078CRITICAL9.8ten sam produkt

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unaut...

CVE-2023-20079CRITICAL9.8ten sam produkt

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unaut...

CVE-2024-20376HIGH7.5ten sam produkt

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticate...

CVE-2024-20378HIGH7.5ten sam produkt

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticate...