March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Update – Threat Alert: Pakistan’s Cyberspace Targeted by ISIS-Affiliated Hackers
March 2, 2023Rewterz Threat Advisory – Multiple Cisco Unified Intelligence Center Vulnerabilities
March 2, 2023Rewterz Threat Update – Threat Alert: Pakistan’s Cyberspace Targeted by ISIS-Affiliated Hackers
March 2, 2023Rewterz Threat Advisory – Multiple Cisco Unified Intelligence Center Vulnerabilities
March 2, 2023
Severity
High
Analysis Summary
CVE-2023-20078 CVSS:9.8
Cisco IP Phone 6800, 7800, and 8800 Series could allow a remote attacker to execute arbitrary commands on the system, caused by insufficient validation of user-supplied input in the web-based management interface. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands with root privileges on the system.
CVE-2023-20079 CVSS:7.5
Cisco IP Phone 6800, 7800, and 8800 Series are vulnerable to a denial of service, caused by insufficient validation of user-supplied input in the web-based management interface. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service.
Impact
- Command Execution
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-20011
- CVE-2023-20089
- CVE-2023-20012
Affected Vendors
Cisco
Affected Products
- Cisco IP Phone 6800 Series
- Cisco IP Phone 7800 Series
- Cisco IP Phone 8800 Series
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.