CVE-2019-16008: Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability
First published: Sun Jan 26 2020(Updated: )
A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Ip Phone 6841 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 6841 | ||
| Cisco Ip Phone 6851 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 6851 | ||
| Cisco Ip Phone 6825 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 6825 | ||
| Cisco Ip Phone 6861 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 6861 | ||
| Cisco Ip Phone 6871 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 6871 | ||
| Cisco Ip Phone 6821 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 6821 | ||
| Cisco Ip Phone 7811 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 7811 | ||
| Cisco Ip Phone 7821 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 7821 | ||
| Cisco Ip Phone 7832 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 7832 | ||
| Cisco Ip Phone 7841 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 7841 | ||
| Cisco Ip Phone 7861 Firmware | <11.3\(1\) | |
| Cisco IP Phone 7861 | ||
| Cisco Ip Phone 8811 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 8811 | ||
| Cisco Ip Phone 8831 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 8831 | ||
| Cisco Ip Phone 8832 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 8832 | ||
| Cisco Ip Phone 8841 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 8841 | ||
| Cisco Ip Phone 8845 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 8845 | ||
| Cisco Ip Phone 8851 Firmware | <11.3\(1\) | |
| Cisco IP Phone 8851 | ||
| Cisco Ip Phone 8861 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 8861 | ||
| Cisco Ip Phone 8865 Firmware | <11.3\(1\) | |
| Cisco Ip Phone 8865 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is vulnerability CVE-2019-16008?
Vulnerability CVE-2019-16008 is a cross-site scripting (XSS) vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware.
How does vulnerability CVE-2019-16008 impact Cisco IP Phone firmware versions?
Vulnerability CVE-2019-16008 affects Cisco IP Phone firmware versions 11.3(1) and earlier.
What is the severity of vulnerability CVE-2019-16008?
Vulnerability CVE-2019-16008 has a severity rating of 5.4 (Medium).
How can an attacker exploit vulnerability CVE-2019-16008?
An attacker can exploit vulnerability CVE-2019-16008 by conducting a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system.
Where can I find more information about vulnerability CVE-2019-16008?
More information about vulnerability CVE-2019-16008 can be found in the Cisco Security Advisory at the following link: [https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-iphone-xss]
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/author
- agent/references
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/tags
- agent/last-modified-date
- agent/severity
- agent/title
- agent/event
- agent/first-publish-date
- vendor/cisco
- canonical/cisco ip phone 6841 firmware
- canonical/cisco ip phone 6841
- canonical/cisco ip phone 6851 firmware
- canonical/cisco ip phone 6851
- canonical/cisco ip phone 6825 firmware
- canonical/cisco ip phone 6825
- canonical/cisco ip phone 6861 firmware
- canonical/cisco ip phone 6861
- canonical/cisco ip phone 6871 firmware
- canonical/cisco ip phone 6871
- canonical/cisco ip phone 6821 firmware
- canonical/cisco ip phone 6821
- canonical/cisco ip phone 7811 firmware
- canonical/cisco ip phone 7811
- canonical/cisco ip phone 7821 firmware
- canonical/cisco ip phone 7821
- canonical/cisco ip phone 7832 firmware
- canonical/cisco ip phone 7832
- canonical/cisco ip phone 7841 firmware
- canonical/cisco ip phone 7841
- canonical/cisco ip phone 7861 firmware
- canonical/cisco ip phone 7861
- canonical/cisco ip phone 8811 firmware
- canonical/cisco ip phone 8811
- canonical/cisco ip phone 8831 firmware
- canonical/cisco ip phone 8831
- canonical/cisco ip phone 8832 firmware
- canonical/cisco ip phone 8832
- canonical/cisco ip phone 8841 firmware
- canonical/cisco ip phone 8841
- canonical/cisco ip phone 8845 firmware
- canonical/cisco ip phone 8845
- canonical/cisco ip phone 8851 firmware
- canonical/cisco ip phone 8851
- canonical/cisco ip phone 8861 firmware
- canonical/cisco ip phone 8861
- canonical/cisco ip phone 8865 firmware
- canonical/cisco ip phone 8865