Cisco posts security advisories for Series 7800 and 8800 phones
March 21, 2019
- A cross-site request forgery vulnerability caused by insufficient CSRF
protections for the web-based management interface of an affected device. To
exploit the issue, an attacker would have to convince the user to follow a
crafted link, and could then perform arbitrary actions on the targeted device
via a web browser with the privileges of the user.
- (Series 8800 and Series 7800): A remote code execution flaw that, if
exploited, could lead to a DoS situation or the ability to run arbitrary code.
This could be accomplished by connecting to an affected device using HTTP and
supplying malicious user credentials.
- An authorization bypass vulnerability that could allow an unauthenticated,
remote attacker to bypass authorization, access critical services, and cause a
denial of service (DoS) condition by submitting a specially crafted URL to the
user.
- A flaw that can also lead to a DoS condition: a remote attacker can cause
high disk utilization by writing a file that consumes most of the available
disk space on the system.
- A path traversal vulnerability that, if exploited, could allow an attacker to
write arbitrary files to the filesystem. The problem is due to insufficient
input validation and file-level permissions.