CVE-2023-20221

Summary

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IP Phones with Multiplatform Firmware11.3.1 MSR2-6affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.1 MSR3-3affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.2affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.3affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.4affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.5affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.3 MSR1affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.6affected
CiscoCisco IP Phones with Multiplatform Firmware11-3-1MPPSR4UPGaffected
CiscoCisco IP Phones with Multiplatform Firmware11.3.7affected
CiscoCisco IP Phones with Multiplatform Firmware11-3-1MSR2UPGaffected
CiscoCisco IP Phones with Multiplatform Firmware11.3.6SR1affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.7SR1affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.7SR2affected
CiscoCisco IP Phones with Multiplatform Firmware11.0.0affected
CiscoCisco IP Phones with Multiplatform Firmware11.0.1affected
CiscoCisco IP Phones with Multiplatform Firmware11.0.1 MSR1-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.0.2affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.1affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.1 MSR1-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.1 MSR2-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.2affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.2 MSR1-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.2 MSR3-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.1affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.2affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.3affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.3 MSR1-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.4affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.1affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.1 MSR1-3affected
CiscoCisco PhoneOS1.0.1affected

Weaknesses

  • CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

References