Описание
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.
This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.
Затрагиваемое ПО
Cisco Ip phone 6821 with multiplatform firmwareCisco Ip phone 6821Cisco Ip phone 6841 with multiplatform firmwareCisco Ip phone 6841Cisco Ip phone 6851 with multiplatform firmwareCisco Ip phone 6851Cisco Ip phone 6861 with multiplatform firmwareCisco Ip phone 6861Cisco Ip phone 6871 with multiplatform firmwareCisco Ip phone 6871Cisco Ip phone 7811 with multiplatform firmwareCisco Ip phone 7811Cisco Ip phone 7821 with multiplatform firmwareCisco Ip phone 7821Cisco Ip phone 7841 with multiplatform firmwareCisco Ip phone 7841Cisco Ip phone 7861 with multiplatform firmwareCisco Ip phone 7861Cisco Ip phone 8811 with multiplatform firmwareCisco Ip phone 8811Cisco Ip phone 8841 with multiplatform firmwareCisco Ip phone 8841Cisco Ip phone 8851 with multiplatform firmwareCisco Ip phone 8851Cisco Ip phone 8851nr with multiplatform firmware
CVSS
| Балл | 7.5 — высокая |
| Вектор | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Источники
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvShttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS