TROYANOSYVIRUS
Retour aux CVEs

CVE-2023-20221

MEDIUM
6.5

Description

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition.

Details CVE

Score CVSS v3.16.5
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurREQUIRED
Publie8/16/2023
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0

Produits affectes

cisco:ip_conference_phone_7832cisco:ip_conference_phone_7832_with_multiplatform_firmwarecisco:ip_conference_phone_8831cisco:ip_conference_phone_8831_with_multiplatform_firmwarecisco:ip_conference_phone_8832cisco:ip_conference_phone_8832_with_multiplatform_firmwarecisco:ip_phone_6821cisco:ip_phone_6821_with_multiplatform_firmwarecisco:ip_phone_6825cisco:ip_phone_6825_with_multiplatform_firmwarecisco:ip_phone_6841cisco:ip_phone_6841_with_multiplatform_firmwarecisco:ip_phone_6851cisco:ip_phone_6851_with_multiplatform_firmwarecisco:ip_phone_6861cisco:ip_phone_6861_with_multiplatform_firmwarecisco:ip_phone_6871cisco:ip_phone_6871_with_multiplatform_firmwarecisco:ip_phone_7811cisco:ip_phone_7811_with_multiplatform_firmwarecisco:ip_phone_7821cisco:ip_phone_7821_with_multiplatform_firmwarecisco:ip_phone_7841cisco:ip_phone_7841_with_multiplatform_firmwarecisco:ip_phone_7861cisco:ip_phone_7861_with_multiplatform_firmwarecisco:ip_phone_8800_key_expansion_modulecisco:ip_phone_8800_key_expansion_module_with_multiplatform_firmwarecisco:ip_phone_8811cisco:ip_phone_8811_with_multiplatform_firmwarecisco:ip_phone_8841cisco:ip_phone_8841_with_multiplatform_firmwarecisco:ip_phone_8845cisco:ip_phone_8845_with_multiplatform_firmwarecisco:ip_phone_8851cisco:ip_phone_8851_key_expansion_modulecisco:ip_phone_8851_key_expansion_module_with_multiplatform_firmwarecisco:ip_phone_8851_with_multiplatform_firmwarecisco:ip_phone_8861cisco:ip_phone_8861_key_expansion_modulecisco:ip_phone_8861_key_expansion_module_with_multiplatform_firmwarecisco:ip_phone_8861_with_multiplatform_firmwarecisco:ip_phone_8865cisco:ip_phone_8865_with_multiplatform_firmwarecisco:video_phone_8875cisco:video_phone_8875_firmware

Faiblesses (CWE)

CWE-352CWE-352

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c(psirt@cisco.com)
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.