What is the severity of cisco-sa-mpp-xss-8tAV2TvF?

The severity of cisco-sa-mpp-xss-8tAV2TvF is considered high due to the potential for stored cross-site scripting attacks.

How do I fix cisco-sa-mpp-xss-8tAV2TvF?

To fix cisco-sa-mpp-xss-8tAV2TvF, upgrade your affected Cisco devices to the latest firmware version as recommended by Cisco.

What devices are affected by cisco-sa-mpp-xss-8tAV2TvF?

The affected devices include Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, 8800 Series, and Cisco Video Phone 8875.

Can cisco-sa-mpp-xss-8tAV2TvF be exploited remotely?

Yes, cisco-sa-mpp-xss-8tAV2TvF can be exploited remotely by an authenticated attacker.

What type of attack is associated with cisco-sa-mpp-xss-8tAV2TvF?

cisco-sa-mpp-xss-8tAV2TvF is associated with stored cross-site scripting (XSS) attacks.

Vulnerability/
cisco-sa-mpp-xss-8tAV2TvF

CWE

6/11/2024

cisco-sa-mpp-xss-8tAV2TvF: Cisco 6800, 7800, 8800, and 9800 Series Phones with Multiplatform Firmware Stored Cross-Site Scripting Vulnerabilities

First published: Wed Nov 06 2024(Updated: )

Multiple vulnerabilities in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users.These vulnerabilities exist because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Note: To exploit these vulnerabilities, Web Access must be enabled on the phone and the attacker must have Admin credentials on the device. Web Access is disabled by default.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF

Affected Software	Affected Version	How to fix
Cisco Desk Phone 9800 Series
Cisco IP Phone 6800 Series
Cisco IP Phone 7800 Series Firmware
Cisco IP Phone 8800 Series Software
Cisco Video Phone 8875

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF

Frequently Asked Questions

What is the severity of cisco-sa-mpp-xss-8tAV2TvF?
The severity of cisco-sa-mpp-xss-8tAV2TvF is considered high due to the potential for stored cross-site scripting attacks.
How do I fix cisco-sa-mpp-xss-8tAV2TvF?
To fix cisco-sa-mpp-xss-8tAV2TvF, upgrade your affected Cisco devices to the latest firmware version as recommended by Cisco.
What devices are affected by cisco-sa-mpp-xss-8tAV2TvF?
The affected devices include Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, 8800 Series, and Cisco Video Phone 8875.
Can cisco-sa-mpp-xss-8tAV2TvF be exploited remotely?
Yes, cisco-sa-mpp-xss-8tAV2TvF can be exploited remotely by an authenticated attacker.
What type of attack is associated with cisco-sa-mpp-xss-8tAV2TvF?
cisco-sa-mpp-xss-8tAV2TvF is associated with stored cross-site scripting (XSS) attacks.

agent/title
agent/references
agent/last-modified-date
agent/first-publish-date
agent/type
agent/event
collector/cisco-recent
source/Cisco
agent/weakness
agent/severity
agent/description
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco desk phone 9800 series
canonical/cisco ip phone 6800 series
canonical/cisco ip phone 7800 series firmware
canonical/cisco ip phone 8800 series software
canonical/cisco video phone 8875