Critical Vulnerability in Cisco IP Phones
2 March 2023
Cisco has released software updates to address a critical vulnerability (CVE-2023-20078) in the web-based management interface of certain Cisco IP Phones.
The vulnerability is due to insufficient validation of user-supplied input, allowing an attacker to send a crafted request to the web-based management interface.
Successful exploitation of this vulnerability could allow a remote and unauthenticated attacker to execute arbitrary commands on the underlying operating system of an affected device with root privileges.
The vulnerability affects the following Cisco products running a vulnerable release (versions prior to 11.3.7SR1) of Cisco Multiplatform Firmware:
- IP Phone 6800 Series
- IP Phone 7800 Series
- IP Phone 8800 Series
Users and administrators of affected product versions are advised to upgrade to the latest versions immediately.
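To help prioritise the upgrade, the following added example (not part of the original advisory and not Cisco code) triages a phone inventory against the fixed release 11.3.7SR1. It assumes the inventory lists only phones running Multiplatform Firmware, that releases are recorded in dotted form with an optional SR suffix, and that the model string contains the four-digit model number; the function names and sample records are constructed for illustration.

```python
import re

# First fixed release named in the advisory: 11.3.7SR1 -> (11, 3, 7, 1)
FIXED = (11, 3, 7, 1)
# Leading digits of the affected series (6800, 7800, 8800)
AFFECTED_SERIES = ("68", "78", "88")

# Assumed release format: MAJOR.MINOR.PATCH with an optional SR<n> suffix
_RELEASE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:SR(\d+))?$", re.IGNORECASE)

def parse_release(text):
    """Turn '11.3.7SR1' into a comparable tuple; a missing SR counts as SR0."""
    m = _RELEASE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised release string: {text!r}")
    major, minor, patch, sr = m.groups()
    return (int(major), int(minor), int(patch), int(sr or 0))

def in_affected_series(model):
    """True if the four-digit model number belongs to an affected series."""
    m = re.search(r"\d{4}", model)
    return m is not None and m.group(0)[:2] in AFFECTED_SERIES

def triage(inventory):
    """Return (hosts needing upgrade, hosts whose release needs manual review)."""
    needs_upgrade, manual_review = [], []
    for host, model, release in inventory:
        if not in_affected_series(model):
            continue
        try:
            if parse_release(release) < FIXED:
                needs_upgrade.append(host)
        except ValueError:
            # Never treat an unreadable release as safe; have a person check it
            manual_review.append(host)
    return needs_upgrade, manual_review

# Constructed sample inventory: (host, model, firmware release)
SAMPLE = [
    ("phone-01", "CP-6821-3PCC", "11.3.6"),
    ("phone-02", "CP-7841-3PCC", "11.3.7"),
    ("phone-03", "CP-8851-3PCC", "11.3.7SR1"),
    ("phone-04", "CP-8861-3PCC", "12.0.1"),
    ("phone-05", "CP-7821-3PCC", "unknown"),
    ("phone-06", "CP-3905", "11.2.1"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts in the manual-review list should be checked on the device itself rather than assumed patched.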
More information is available here: