CVE-2023-20079: Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities
First published: Fri Mar 03 2023(Updated: )
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IP Phone 6871 firmware | <11.3.7sr1 | |
| Cisco IP Phone 6871 firmware | ||
| cisco ip phone 6861 firmware | <11.3.7sr1 | |
| cisco ip phone 6861 | ||
| Cisco IP Phone 6851 | <11.3.7sr1 | |
| Cisco IP Phone 6851 | ||
| Cisco IP Phone 6841 firmware | <11.3.7sr1 | |
| Cisco IP Phone 6841 firmware | ||
| Cisco IP DECT 6825 Firmware | <11.3.7sr1 | |
| Cisco IP Phone 6825 | ||
| Cisco IP Phone 7861 firmware | <11.3.7sr1 | |
| Cisco IP Phone 7861 firmware | ||
| Cisco IP Phone 7841 firmware | <11.3.7sr1 | |
| Cisco IP Phone 7841 firmware | ||
| Cisco IP Conference Phone 7832 Firmware | <11.3.7sr1 | |
| Cisco IP Phone 7832 firmware | ||
| Cisco IP Phone 7821 firmware | <11.3.7sr1 | |
| Cisco IP Phone 7821 firmware | ||
| Cisco IP Phone 7811 firmware | <11.3.7sr1 | |
| Cisco IP Phone 7811 firmware | ||
| cisco ip phone 8865 firmware | <11.3.7sr1 | |
| cisco ip phone 8865 | ||
| cisco ip phone 8861 firmware | <11.3.7sr1 | |
| Cisco IP Phone 8861 Firmware 3PCC | ||
| Cisco IP Phone 8851 firmware | <11.3.7sr1 | |
| Cisco IP Phone 8851 firmware | ||
| Cisco IP Phone 8845 firmware | <11.3.7sr1 | |
| Cisco IP Phone 8845 firmware | ||
| Cisco IP Phone 8841 firmware | <11.3.7sr1 | |
| Cisco IP Phone 8841 firmware | ||
| cisco ip phone 8832 firmware | <11.3.7sr1 | |
| cisco ip phone 8832 | ||
| Cisco IP Phone 8811 firmware | <11.3.7sr1 | |
| Cisco IP Phone 8811 firmware | ||
| Cisco 8831 Firmware | <11.3.7sr1 | |
| Cisco IP Phone 8831 firmware | ||
| Cisco Unified IP Phone 7945G Firmware | <11.3.7sr1 | |
| Cisco Unified IP Phone 7945G Firmware | ||
| Cisco Unified IP Phone 7965G Firmware | <11.3.7sr1 | |
| Cisco Unified IP Phone 7965G Firmware | ||
| Cisco Unified IP Phone 7975G Firmware | <11.3.7sr1 | |
| Cisco Unified IP Phone 7975G Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-20079?
CVE-2023-20079 is a vulnerability in the web-based management interface of certain Cisco IP Phones that could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.
How severe is CVE-2023-20079?
CVE-2023-20079 has a severity rating of 7.5, which is considered critical.
Which Cisco IP Phone models are affected by CVE-2023-20079?
CVE-2023-20079 affects Cisco IP Phone models 6871, 6861, 6851, 6841, 6825, 7861, 7841, 7832, 7821, 7811, 8865, 8861, 8851, 8845, 8841, 8832, 8811, and 8831.
How do I fix CVE-2023-20079?
To fix CVE-2023-20079, update the firmware of the affected Cisco IP Phones to version 11.3.7sr1 or later.
Where can I find more information about CVE-2023-20079?
More information about CVE-2023-20079 can be found in the advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP.
- agent/weakness
- agent/type
- agent/author
- agent/references
- agent/description
- agent/title
- agent/severity
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ip phone 6871 firmware
- canonical/cisco ip phone 6861 firmware
- canonical/cisco ip phone 6861
- canonical/cisco ip phone 6851
- canonical/cisco ip phone 6841 firmware
- canonical/cisco ip dect 6825 firmware
- canonical/cisco ip phone 6825
- canonical/cisco ip phone 7861 firmware
- canonical/cisco ip phone 7841 firmware
- canonical/cisco ip conference phone 7832 firmware
- canonical/cisco ip phone 7832 firmware
- canonical/cisco ip phone 7821 firmware
- canonical/cisco ip phone 7811 firmware
- canonical/cisco ip phone 8865 firmware
- canonical/cisco ip phone 8865
- canonical/cisco ip phone 8861 firmware
- canonical/cisco ip phone 8861 firmware 3pcc
- canonical/cisco ip phone 8851 firmware
- canonical/cisco ip phone 8845 firmware
- canonical/cisco ip phone 8841 firmware
- canonical/cisco ip phone 8832 firmware
- canonical/cisco ip phone 8832
- canonical/cisco ip phone 8811 firmware
- canonical/cisco 8831 firmware
- canonical/cisco ip phone 8831 firmware
- canonical/cisco unified ip phone 7945g firmware
- canonical/cisco unified ip phone 7965g firmware
- canonical/cisco unified ip phone 7975g firmware