A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCisco 8831
HWCiscowszystkie wersjeCisco 8831 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 7811
HWCiscowszystkie wersjeCisco Ip Phone 7811 Firmware
OSCisco11.0\(1\)Cisco Ip Phone 7821
HWCiscowszystkie wersjeCisco Ip Phone 7821 Firmware
OSCisco11.0\(1\)Cisco Ip Phone 7841
HWCiscowszystkie wersjeCisco Ip Phone 7841 Firmware
OSCisco11.0\(1\)Cisco Ip Phone 7861
HWCiscowszystkie wersjeCisco Ip Phone 7861 Firmware
OSCisco11.0\(1\)Cisco Ip Phone 8811
HWCiscowszystkie wersjeCisco Ip Phone 8811 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8821
HWCiscowszystkie wersjeCisco Ip Phone 8821 Ex
HWCiscowszystkie wersjeCisco Ip Phone 8821 Ex Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8821 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8841
HWCiscowszystkie wersjeCisco Ip Phone 8841 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8845
HWCiscowszystkie wersjeCisco Ip Phone 8845 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8851
HWCiscowszystkie wersjeCisco Ip Phone 8851 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8861
HWCiscowszystkie wersjeCisco Ip Phone 8861 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1Cisco Ip Phone 8865
HWCiscowszystkie wersjeCisco Ip Phone 8865 Firmware
OSCisco10.3\(1\)es1411.0\(1\)11.0\(5\)sr1
CISA KEV — detailsi
- Vendori
- Cisco ↗
- Producti
- Cisco IP Phones
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- May 3, 2022(overdue)
Apply updates per vendor instructions.
Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.
Related vulnerabilities
The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability tha...
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unaut...
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unaut...
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain eleva...
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco I...