CVE-2022-20774

Published: Apr 6, 2022Modified: Nov 21, 2024

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Exploitability: 2.8 / Impact: 5.2

Source: NVD

Description

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.

Affected (17)

Products: Cisco: Ip Phone 6871 Firmware, Ip Phone 6861 Firmware, Ip Phone 6851 Firmware, Ip Phone 6841 Firmware, Ip Phone 6825 Firmware, Ip Phone 7861 Firmware, Ip Phone 7841 Firmware, Ip Phone 7832 Firmware, Ip Phone 7821 Firmware, Ip Phone 7811 Firmware, Ip Phone 8865 Firmware, Ip Phone 8861 Firmware, Ip Phone 8851 Firmware, Ip Phone 8845 Firmware, Ip Phone 8841 Firmware, Ip Phone 8832 Firmware, Ip Phone 8811 Firmware

Cisco

17 products

Ip Phone 6871 Firmware

Ip Phone 6861 Firmware

Ip Phone 6851 Firmware

Ip Phone 6841 Firmware

Ip Phone 6825 Firmware

Ip Phone 7861 Firmware

Ip Phone 7841 Firmware

Ip Phone 7832 Firmware

Ip Phone 7821 Firmware

Ip Phone 7811 Firmware

Ip Phone 8865 Firmware

Ip Phone 8861 Firmware

Ip Phone 8851 Firmware

Ip Phone 8845 Firmware

Ip Phone 8841 Firmware

Ip Phone 8832 Firmware

Ip Phone 8811 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 6871 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 6871	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 6861 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 6861	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 6851 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 6851	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 6841 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 6841	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 6825 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 6825	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7861 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 7861	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7841 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 7841	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7832 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 7832	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7821 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 7821	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7811 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 7811	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8865 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 8865	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8861 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 8861	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8851 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 8851	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8845 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 8845	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8841 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 8841	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8832 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 8832	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8811 Firmware	Before 11.3.5

Running on/with	Platform Versions
Cisco Ip Phone 8811	All versions

Related CWEs

CWE-345

Insufficient Verification of Data Authenticity

The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.