Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability

Posted by Benoit Desnoyers on Mar 22, 2019 3:14:47 PM

Cisco IP phone Vulnerability

On March 20th, Cisco released a security update for their line of 7800 and 8800 Series Cisco phones. 

The vulnerability is in the web-based management interface of Session Initiation Protocol (SIP) Software. This vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code.

According to Cisco, the vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition, or to execute arbitrary code with the privileges of the app user.

Cisco has released free software updates that address the vulnerability. Customers may only install and expect support for software versions and feature sets for which they have purchased a license.

Customers who purchased directly from Cisco but do not hold a Cisco service contract, and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale, should obtain upgrades by contacting the Cisco TAC.

For current Stack8 clients, our team is working hard analyzing your environment to create a CR to apply the fix promptly if needed.

If you have any questions, do not hesitate to contact your Stack8 UC specialist. If you would like to know more about how Stack8 can help your enterprise be proactive about these alerts, please reach out to us.

Topics: SIP, 7800 Series Phones, 8800 Series Phones
