CISCO Vulnerabilities

Published On: March 1, 2023Categories: Cyber Alerts

In today’s cybersecurity Alert, the SensCy team urges CISCO users to immediately install the latest security updates from CISCO.

In an earlier release, Cisco explained that a critical security vulnerability (CVE-2023-20078) was found in the Web IU of multiple Phone models, allowing attackers to inject arbitrary commands that will be executed with root privileges following successful exploitation.

A second vulnerability (CVE-2023-20079) was also found that be abused to trigger Denial-of-Service attacks.

Here is the list of affected devices:

  • Cisco IP Phone 6800, 7800, and 8800 series devices with Multiplatform Firmware (vulnerable to both RCE and DoS attacks)
  • Unified IP Conference Phone 8831, Unified IP Conference Phone 8831 with Multiplatform Firmware,
  • Unified IP Phone 7900 Series (only vulnerable to DoS attacks).

A patch was released for CVE-2023-20078 but the company will not patch  CVE-2023-20079 since the devices impacted have entered the end-of-life process, meaning they will not receive any support from Cisco.

Related Posts