CVE-2023-20078
published 2023-03-03CVE-2023-20078: Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_ip_phones_with_multiplatform_firmware | — | — |
| cisco | ip_phone_6800_7800_and_8800_series | — | — |
| cisco | ip_phone_6825_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_6841_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_6851_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_6861_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_6871_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_7811_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_7821_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_7832_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_7841_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_7861_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_8811_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_8832_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_8841_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_8845_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_8851_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_8861_firmware | < 11.3.7sr1 | 11.3.7sr1 |
| cisco | ip_phone_8865_firmware | < 11.3.7sr1 | 11.3.7sr1 |