What is CVE-2023-20079?

CVE-2023-20079 is a vulnerability in the web-based management interface of certain Cisco IP Phones that could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.

How severe is CVE-2023-20079?

CVE-2023-20079 has a severity rating of 7.5, which is considered critical.

Which Cisco IP Phone models are affected by CVE-2023-20079?

CVE-2023-20079 affects Cisco IP Phone models 6871, 6861, 6851, 6841, 6825, 7861, 7841, 7832, 7821, 7811, 8865, 8861, 8851, 8845, 8841, 8832, 8811, and 8831.

How do I fix CVE-2023-20079?

To fix CVE-2023-20079, update the firmware of the affected Cisco IP Phones to version 11.3.7sr1 or later.

Where can I find more information about CVE-2023-20079?

More information about CVE-2023-20079 can be found in the advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP.

Vulnerability/
CVE-2023-20079

critical

9.8

CWE

787 121

3/3/2023

2/8/2024

CVE-2023-20079: Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities

First published: Fri Mar 03 2023(Updated: )

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco Ip Phone 6871 Firmware	<11.3.7sr1
Cisco Ip Phone 6871
Cisco Ip Phone 6861 Firmware	<11.3.7sr1
Cisco Ip Phone 6861
Cisco Ip Phone 6851 Firmware	<11.3.7sr1
Cisco Ip Phone 6851
Cisco Ip Phone 6841 Firmware	<11.3.7sr1
Cisco Ip Phone 6841
Cisco Ip Phone 6825 Firmware	<11.3.7sr1
Cisco Ip Phone 6825
Cisco Ip Phone 7861 Firmware	<11.3.7sr1
Cisco IP Phone 7861
Cisco Ip Phone 7841 Firmware	<11.3.7sr1
Cisco Ip Phone 7841
Cisco Ip Phone 7832 Firmware	<11.3.7sr1
Cisco Ip Phone 7832
Cisco Ip Phone 7821 Firmware	<11.3.7sr1
Cisco Ip Phone 7821
Cisco Ip Phone 7811 Firmware	<11.3.7sr1
Cisco Ip Phone 7811
Cisco Ip Phone 8865 Firmware	<11.3.7sr1
Cisco Ip Phone 8865
Cisco Ip Phone 8861 Firmware	<11.3.7sr1
Cisco Ip Phone 8861
Cisco Ip Phone 8851 Firmware	<11.3.7sr1
Cisco IP Phone 8851
Cisco Ip Phone 8845 Firmware	<11.3.7sr1
Cisco Ip Phone 8845
Cisco Ip Phone 8841 Firmware	<11.3.7sr1
Cisco Ip Phone 8841
Cisco Ip Phone 8832 Firmware	<11.3.7sr1
Cisco Ip Phone 8832
Cisco Ip Phone 8811 Firmware	<11.3.7sr1
Cisco Ip Phone 8811
Cisco Ip Phone 8831 Firmware	<11.3.7sr1
Cisco Ip Phone 8831
Cisco Unified Ip Phone 7945g Firmware	<11.3.7sr1
Cisco Unified Ip Phone 7945g
Cisco Unified Ip Phone 7965g Firmware	<11.3.7sr1
Cisco Unified Ip Phone 7965g
Cisco Unified Ip Phone 7975g Firmware	<11.3.7sr1
Cisco Unified Ip Phone 7975g

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP

Frequently Asked Questions

What is CVE-2023-20079?
CVE-2023-20079 is a vulnerability in the web-based management interface of certain Cisco IP Phones that could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.
How severe is CVE-2023-20079?
CVE-2023-20079 has a severity rating of 7.5, which is considered critical.
Which Cisco IP Phone models are affected by CVE-2023-20079?
CVE-2023-20079 affects Cisco IP Phone models 6871, 6861, 6851, 6841, 6825, 7861, 7841, 7832, 7821, 7811, 8865, 8861, 8851, 8845, 8841, 8832, 8811, and 8831.
How do I fix CVE-2023-20079?
To fix CVE-2023-20079, update the firmware of the affected Cisco IP Phones to version 11.3.7sr1 or later.
Where can I find more information about CVE-2023-20079?
More information about CVE-2023-20079 can be found in the advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP.

agent/weakness
agent/type
collector/nvd-index
agent/software-canonical-lookup-request
agent/author
agent/references
agent/softwarecombine
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/title
agent/severity
agent/tags
agent/first-publish-date
agent/event
vendor/cisco
canonical/cisco ip phone 6871 firmware
canonical/cisco ip phone 6871
canonical/cisco ip phone 6861 firmware
canonical/cisco ip phone 6861
canonical/cisco ip phone 6851 firmware
canonical/cisco ip phone 6851
canonical/cisco ip phone 6841 firmware
canonical/cisco ip phone 6841
canonical/cisco ip phone 6825 firmware
canonical/cisco ip phone 6825
canonical/cisco ip phone 7861 firmware
canonical/cisco ip phone 7861
canonical/cisco ip phone 7841 firmware
canonical/cisco ip phone 7841
canonical/cisco ip phone 7832 firmware
canonical/cisco ip phone 7832
canonical/cisco ip phone 7821 firmware
canonical/cisco ip phone 7821
canonical/cisco ip phone 7811 firmware
canonical/cisco ip phone 7811
canonical/cisco ip phone 8865 firmware
canonical/cisco ip phone 8865
canonical/cisco ip phone 8861 firmware
canonical/cisco ip phone 8861
canonical/cisco ip phone 8851 firmware
canonical/cisco ip phone 8851
canonical/cisco ip phone 8845 firmware
canonical/cisco ip phone 8845
canonical/cisco ip phone 8841 firmware
canonical/cisco ip phone 8841
canonical/cisco ip phone 8832 firmware
canonical/cisco ip phone 8832
canonical/cisco ip phone 8811 firmware
canonical/cisco ip phone 8811
canonical/cisco ip phone 8831 firmware
canonical/cisco ip phone 8831
canonical/cisco unified ip phone 7945g firmware
canonical/cisco unified ip phone 7945g
canonical/cisco unified ip phone 7965g firmware
canonical/cisco unified ip phone 7965g
canonical/cisco unified ip phone 7975g firmware
canonical/cisco unified ip phone 7975g