The most serious vulnerabilities in Cisco’s 8800 Series IP Phones could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack or write arbitrary files to the filesystem.
Cisco Systems is urging customers to update several models of their IP phones after issuing patches for five high-severity flaws found in its popular business-focused IP phones.
Impacted are Cisco’s IP Phone 8800 series, which are business desk phones that have HD video included and its IP Phone 7800 series, which are meant for desktops and conference rooms in businesses. The vulnerabilities could allow unauthenticated, remote attackers to conduct a cross-site request forgery attack, launch denial of service attacks or write arbitrary files to the targeted device’s filesystem.
Read more…
Source: ThreatPost