DigitalCIO
No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Tech News

Cisco directs high priority patches for IP phone

DigitalCIO Bureau by DigitalCIO Bureau
March 21, 2019
in Tech News
0
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Source: ITW

Cisco directs high priority patches for IP phone security exposures

Cisco warns on SIP vulnerabilities in 8800 and 7800 series IP business phones

Cisco this week advised customers using its 7800 and 8800 series IP phones they should patch a variety of high-priority vulnerabilities that could lead to denial of service and other security problems.

The company issued five security advisories, four for the 8800 and one for both the 8800 and 7800 series of IP phones. The 8800 is a high-end business desktop device that features high-definition video and mobile device integration. The 7800 is more of a general business IP phone.

The security advisories include:
• A vulnerability in the web-based management interface of session initiation protocol (SIP) software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem, Cisco wrote.  The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device.
• A vulnerability in the web-based management interface of SIP software for Cisco IP Phone 8800 Series could allow an authenticated, remote attacker to write arbitrary files to the filesystem. The vulnerability is due to insufficient input validation and file-level permissions. An attacker could exploit this vulnerability by uploading invalid files to an affected device, Cisco said.
• A weakness in the web-based management interface of SIP Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL, Cisco said.
• An exposure in the web-based management interface of SIP Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link, Cisco said.

Cisco said these vulnerabilities affect Cisco IP Phones running a SIP software release prior to 11.0 for Wireless IP Phone 8821-EX and release 12.5 SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series.

The last vulnerability impacts both phones. The problem is a weakness is in the web-based management interface of SIP software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition or to execute arbitrary code with the privileges of the app user. Cisco wrote that the vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials.

Cisco said that the weakness involves version 10.3 SR5 for Unified IP Conference Phone 8831; 11.0 SR3 for Wireless IP Phone 8821 and 8821-EX; and 12.5 SR1 for the rest of the IP Phone 7800 and 8800 Series.

Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

Freshworks Appoints Ian Tickle as Chief of Global Field Operations

by DigitalCIO Bureau
June 20, 2025
0
Freshworks Appoints Ian Tickle as Chief of Global Field Operations

Freshworks has announced the appointment of Ian Tickle as Chief of Global Field Operations (CGFO). Tickle, who has served in this capacity on an interim basis since April, while maintaining...

Read moreDetails

C-Suite misalignment over GenAI adoption

by DigitalCIO Bureau
June 20, 2025
0

NTT DATA has launched its new report, “The AI Security Balancing Act: From Risk to Innovation,” highlighting the opportunities and risks AI presents in cybersecurity. The findings show...

Read moreDetails

HCLSoftware Unveils XDO Framework In Dubai

by DigitalCIO Bureau
June 19, 2025
0
HCLSoftware Unveils XDO Framework In Dubai

HCLSoftware, the enterprise software division of HCLTech, kicked off its high-octane Executive Summit at Madinat Jumeirah on June 3. The invitation-only event blended Formula 1 energy with enterprise...

Read moreDetails

GerriScary: Hacking the Supply Chain Of Popular Google Products

by DigitalCIO Bureau
June 19, 2025
0
Tenable Reveals Vulnerability dubbed ConfusedFunction in Google Cloud Platform

Tenable has identified a vulnerability in Google's open-source code review system, Gerrit, dubbed GerriScary. The vulnerability allowed unauthorised code submission to at least 18 major Google projects, including...

Read moreDetails

Proofpoint And Wiz Integrate Security Solutions

by DigitalCIO Bureau
June 18, 2025
0
Proofpoint And Wiz Integrate Security Solutions

Proofpoint has announced the general availability of an integration between its Data Security Posture Management (DSPM) solution and Wiz, a leader in cloud security. As part of the Wiz...

Read moreDetails
Next Post

Instagram testing new username auto-lock feature

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

RBI says no curbs in providing bank accounts to crypto traders

May 26, 2020
NetApp Announces VMware Sovereign Cloud Integration and Simplified Data Management for Modern Virtualised Applications

NetApp Announces VMware Sovereign Cloud Integration and Simplified Data Management for Modern Virtualised Applications

November 8, 2023
VTEX Partners with Vinculum to Elevate Customer Experience in India

Kyndryl Introduces New Security Edge Services with Cisco

January 31, 2024

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
  • Telecom
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

BROWSE BY TAG

Acquisition AI Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare Commvault CrowdStrike Cybersecurity Dell Technologies Digital Transformation Dynatrace E-books Fortinet Gartner GenAI Generative AI Google Cloud HCLTech Honeywell IBM Infographics Internet of Things (IoT) Kaspersky Microsoft Netskope NTT DATA Palo Alto Networks Panel Discussion Qlik Salesforce ServiceNow Sophos Tenable Veeam Veeam Software Vertiv Webinars Whitepaper Zscaler

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2024 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2024 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?