Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

cisco-sa-voip-phone-csrf-K56vXvVx · Medium · Published · Updated

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2022-20774
Cisco Bug IDs: CSCvz56447
CVSS Score: Base 6.8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H/E:X/RL:X/RC:X)
Product Names From Source: Cisco IP Phone 7800 Series with Multiplatform Firmware, Cisco IP Phone 6800 Series with Multiplatform Firmware, Cisco IP Phone 8800 Series with Multiplatform Firmware, Cisco IP Phones with Multiplatform Firmware

CSAF Product Statuses

Product | Status | Source | CVE | Rows
Cisco IP Phone 6800 Series with Multiplatform Firmware | known_affected | cisco_csaf | CVE-2022-20774 | 1
Cisco IP Phone 7800 Series with Multiplatform Firmware | known_affected | cisco_csaf | CVE-2022-20774 | 1
Cisco IP Phone 8800 Series with Multiplatform Firmware | known_affected | cisco_csaf | CVE-2022-20774 | 1
Cisco IP Phones with Multiplatform Firmware | known_affected | cisco_csaf | CVE-2022-20774 | 1

Related Products

Product | CVE | Evidence
Cisco IP phone | CVE-2022-20774 | Cisco OpenVuln
Cisco IP Phone 6800 Series with Multiplatform Firmware | CVE-2022-20774 | Cisco OpenVuln · family-level
Cisco IP Phone 7800 Series | CVE-2022-20774 | Cisco OpenVuln · family-level
Cisco IP Phone 7800 Series with Multiplatform Firmware | CVE-2022-20774 | Cisco OpenVuln · family-level
Cisco IP Phone 8800 Series with Multiplatform Firmware | CVE-2022-20774 | Cisco OpenVuln · family-level
Cisco IP Phones with Multiplatform Firmware | CVE-2022-20774 | Cisco OpenVuln
Cisco 8000 Series Routers | CVE-2022-20774 | Cisco OpenVuln