Vulnslist


Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Scripting Vulnerability

cisco-sa-20200108-iphone-xss · Medium · Published · Updated

A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based GUI of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200108-iphone-xss

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2019-16008
Cisco Bug IDs: CSCvq85331
CVSS Score: Base 5.4 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco IP Phone 7800 Series with Multiplatform Firmware, Cisco IP Phone 6800 Series with Multiplatform Firmware, Cisco IP Phone 8800 Series with Multiplatform Firmware

CSAF Product Statuses

| Product | Status | Source | CVE | Rows |
| --- | --- | --- | --- | --- |
| Cisco IP Phone 6800 Series with Multiplatform Firmware | known_affected | cisco_csaf | CVE-2019-16008 | 1 |
| Cisco IP Phone 7800 Series with Multiplatform Firmware | known_affected | cisco_csaf | CVE-2019-16008 | 1 |
| Cisco IP Phone 8800 Series with Multiplatform Firmware | known_affected | cisco_csaf | CVE-2019-16008 | 1 |

Related Products

| Product | CVE | Evidence |
| --- | --- | --- |
| Cisco IP phone | CVE-2019-16008 | Cisco OpenVuln |
| Cisco IP Phone 6800 Series with Multiplatform Firmware | CVE-2019-16008 | Cisco CSAF |
| Cisco IP Phone 7800 Series | CVE-2019-16008 | Cisco OpenVuln · family-level |
| Cisco IP Phone 7800 Series with Multiplatform Firmware | CVE-2019-16008 | Cisco CSAF |
| Cisco IP Phone 8800 Series with Multiplatform Firmware | CVE-2019-16008 | Cisco CSAF |
| Cisco 8000 Series Routers | CVE-2019-16008 | Cisco OpenVuln |