Patch Management

Cisco posts security advisories for Series 7800 and 8800 phones

March 21, 2019
  • CVE-2019-1764 – A cross-site request forgery vulnerability caused by insufficient CSRF protections in the web-based management interface of an affected device. To exploit the issue, an attacker would have to convince the user to follow a crafted link, which would let the attacker perform arbitrary actions on a targeted device via a web browser with the privileges of the user.
  • CVE-2019-1716 (Series 8800 and Series 7800) – A remote code execution flaw that, if exploited, could lead to a DoS situation or the ability to run arbitrary code. This could be accomplished by connecting to an affected device using HTTP and supplying malicious user credentials.
  • CVE-2019-1763 – An authorization bypass vulnerability that could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition by crafting a URL and submitting it to the user.
  • CVE-2019-1766 – Can also lead to a DoS condition: a remote attacker could cause high disk utilization by writing a file that consumes most of the available disk space on the system.
  • CVE-2019-1765 – A path traversal vulnerability that, if exploited, could allow an attacker to write arbitrary files to the filesystem. The problem is due to insufficient input validation and file-level permissions.