On March 1, 2023, Cisco, a global technology leader in networking and cybersecurity solutions, released security updates to address a critical vulnerability affecting its IP Phone 6800, 7800, 7900, and 8800 Series products. The vulnerability, identified as CVE-2023-20078, has a CVSS score of 9.8 out of 10, indicating its severity. It is a command injection bug in the web-based management interface that arises due to inadequate validation of user-supplied input. If successfully exploited, an unauthenticated, remote attacker could inject arbitrary commands that execute with the highest privileges on the underlying operating system.
Also read: Cyber Attacks on the Rise: Protecting Your Business from the Dangers of DOS/DDOS
In addition, Cisco also released a patch for a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2023-20079, affecting the same devices, as well as the Cisco Unified IP Conference Phone 8831 and Unified IP Phone 7900 Series. This flaw is also due to insufficient validation of user-supplied input in the web-based management interface and could cause a DoS condition if exploited.
While Cisco has addressed CVE-2023-20078 by releasing the Cisco Multiplatform Firmware version 11.3.7SR1, the company has no plans to fix CVE-2023-20079 as the Unified IP Conference Phone models have reached their end-of-life (EOL) stage. Cisco has not reported any known attempts of malicious exploitation of these vulnerabilities and discovered them during internal security testing.
It is worth noting that this advisory comes after Aruba Networks, a subsidiary of Hewlett Packard Enterprise, released an update to ArubaOS to fix multiple flaws, including unauthenticated command injection and stack-based buffer overflow issues, with CVSS scores of 9.8. These flaws could lead to code execution, highlighting the importance of regularly patching software and firmware to avoid security breaches and protect critical assets.
Thank you for reading our blog. Follow us on social media for more updates and feel free to contact us with any questions or comments. Share with your friends and family. We appreciate your support and look forward to sharing more valuable insights with you.