CVE-2019-16008: Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability
First published: Sun Jan 26 2020(Updated: )
A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IP Phone 6841 firmware | <11.3\(1\) | |
| Cisco IP Phone 6841 firmware | ||
| Cisco IP Phone 6851 | <11.3\(1\) | |
| Cisco IP Phone 6851 | ||
| Cisco IP DECT 6825 Firmware | <11.3\(1\) | |
| Cisco IP Phone 6825 | ||
| cisco ip phone 6861 firmware | <11.3\(1\) | |
| cisco ip phone 6861 | ||
| Cisco IP Phone 6871 firmware | <11.3\(1\) | |
| Cisco IP Phone 6871 firmware | ||
| Cisco IP Phone 6821 firmware | <11.3\(1\) | |
| Cisco IP Phone 6821 firmware | ||
| Cisco IP Phone 7811 firmware | <11.3\(1\) | |
| Cisco IP Phone 7811 firmware | ||
| Cisco IP Phone 7821 firmware | <11.3\(1\) | |
| Cisco IP Phone 7821 firmware | ||
| Cisco IP Conference Phone 7832 Firmware | <11.3\(1\) | |
| Cisco IP Phone 7832 firmware | ||
| Cisco IP Phone 7841 firmware | <11.3\(1\) | |
| Cisco IP Phone 7841 firmware | ||
| Cisco IP Phone 7861 firmware | <11.3\(1\) | |
| Cisco IP Phone 7861 firmware | ||
| Cisco IP Phone 8811 firmware | <11.3\(1\) | |
| Cisco IP Phone 8811 firmware | ||
| Cisco 8831 Firmware | <11.3\(1\) | |
| Cisco IP Phone 8831 firmware | ||
| cisco ip phone 8832 firmware | <11.3\(1\) | |
| cisco ip phone 8832 | ||
| Cisco IP Phone 8841 firmware | <11.3\(1\) | |
| Cisco IP Phone 8841 firmware | ||
| Cisco IP Phone 8845 firmware | <11.3\(1\) | |
| Cisco IP Phone 8845 firmware | ||
| Cisco IP Phone 8851 firmware | <11.3\(1\) | |
| Cisco IP Phone 8851 firmware | ||
| cisco ip phone 8861 firmware | <11.3\(1\) | |
| Cisco IP Phone 8861 Firmware 3PCC | ||
| cisco ip phone 8865 firmware | <11.3\(1\) | |
| cisco ip phone 8865 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is vulnerability CVE-2019-16008?
Vulnerability CVE-2019-16008 is a cross-site scripting (XSS) vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware.
How does vulnerability CVE-2019-16008 impact Cisco IP Phone firmware versions?
Vulnerability CVE-2019-16008 affects Cisco IP Phone firmware versions 11.3(1) and earlier.
What is the severity of vulnerability CVE-2019-16008?
Vulnerability CVE-2019-16008 has a severity rating of 5.4 (Medium).
How can an attacker exploit vulnerability CVE-2019-16008?
An attacker can exploit vulnerability CVE-2019-16008 by conducting a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system.
Where can I find more information about vulnerability CVE-2019-16008?
More information about vulnerability CVE-2019-16008 can be found in the Cisco Security Advisory at the following link: [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-iphone-xss]
- agent/type
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/severity
- agent/title
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ip phone 6841 firmware
- canonical/cisco ip phone 6851
- canonical/cisco ip dect 6825 firmware
- canonical/cisco ip phone 6825
- canonical/cisco ip phone 6861 firmware
- canonical/cisco ip phone 6861
- canonical/cisco ip phone 6871 firmware
- canonical/cisco ip phone 6821 firmware
- canonical/cisco ip phone 7811 firmware
- canonical/cisco ip phone 7821 firmware
- canonical/cisco ip conference phone 7832 firmware
- canonical/cisco ip phone 7832 firmware
- canonical/cisco ip phone 7841 firmware
- canonical/cisco ip phone 7861 firmware
- canonical/cisco ip phone 8811 firmware
- canonical/cisco 8831 firmware
- canonical/cisco ip phone 8831 firmware
- canonical/cisco ip phone 8832 firmware
- canonical/cisco ip phone 8832
- canonical/cisco ip phone 8841 firmware
- canonical/cisco ip phone 8845 firmware
- canonical/cisco ip phone 8851 firmware
- canonical/cisco ip phone 8861 firmware
- canonical/cisco ip phone 8861 firmware 3pcc
- canonical/cisco ip phone 8865 firmware
- canonical/cisco ip phone 8865