Multiple Vulnerabilities Found in Cisco IP Phones Web-Based Management Interface
Summary
Cisco has disclosed two high-severity vulnerabilities affecting its IP phones, with one causing remote code execution (RCE) and the other enabling denial-of-service (DoS) attacks. Both vulnerabilities stem from insufficient validation of user-supplied input and can be exploited using malicious requests sent to the targeted device’s web-based management interface.