March 2, 2023 | Ravie Lakshmanan | Enterprise Security / Network Security

Cisco on Wednesday rolled out a security update to address a critical flaw affecting its IP Phone 6800, 7800, 7900, and 8800 series products.

The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system. It is described as a command injection bug in the web-based administration interface, caused by insufficient validation of user input.

Successful exploitation of this bug could allow an unauthenticated, remote attacker to inject arbitrary commands that would be executed with elevated privileges on the underlying operating system.

“An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface,” Cisco said in an alert issued on March 1, 2023.

The company also patched a severe denial of service (DoS) vulnerability affecting the same set of devices, as well as the Cisco Unified IP Conference Phone 8831 and Unified IP Phone 7900 Series.

CVE-2023-20079 (CVSS score: 7.5) is also a result of insufficient validation of user input in the web-based administration interface and can be exploited by adversaries to cause a DoS condition.

Cisco has released Cisco Multiplatform Firmware version 11.3.7SR1 to address CVE-2023-20078, but will not fix CVE-2023-20079, as both Unified IP Conference Phone models have reached end of life (EoL).
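As an added example (not from Cisco or the original article), the script below sorts a phone inventory by the fix status described above. The inventory rows, model labels and status names are constructed, and the version ordering (dotted numbers with an optional SR suffix, compared numerically) is an assumption.

```python
import re

FIXED = "11.3.7SR1"  # fixed Multiplatform Firmware release named in the article
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:SR(\d+))?$", re.IGNORECASE)

# Constructed sample inventory: hostname, model label, reported firmware.
INVENTORY = """\
lobby-01,IP Phone 6841,11.3.7
desk-114,IP Phone 7841,11.3.7SR1
desk-207,IP Phone 8851,12.0.1
conf-03,Unified IP Conference Phone 8831,10.3.1SR7
desk-311,Unified IP Phone 7945,9.4.2SR3
lab-09,IP Phone 8861,sip88xx-unknown
"""

def parse_version(text):
    """Return (major, minor, patch, service_release), or None if unparseable."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(model, firmware):
    """Map one inventory row to a triage status (status names are hypothetical)."""
    digits = re.search(r"\b(\d{4})\b", model)
    if not digits:
        return "unknown-model"
    number = digits.group(1)
    # The article names the 8831 and the 7900 Series as end of life.
    if number == "8831" or number.startswith("79"):
        return "eol-no-fix"
    if number[:2] not in ("68", "78", "88"):
        return "not-listed"
    version = parse_version(firmware)
    if version is None:
        return "check-manually"  # never treat an unparseable version as safe
    return "patched" if version >= parse_version(FIXED) else "update-required"

def triage(inventory_text):
    """Return {hostname: status} for every row of the CSV-style inventory."""
    results = {}
    for line in inventory_text.strip().splitlines():
        host, model, firmware = (field.strip() for field in line.split(","))
        results[host] = classify(model, firmware)
    return results

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:10} {status}")
```

Devices that land in `eol-no-fix` or `check-manually` need a manual decision, such as replacement or restricting access to the web-based management interface.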

The company said it was not aware of any malicious exploitation attempts targeting the flaw. It also said the flaw was discovered during internal security testing.

The advisory comes as Aruba Networks, a subsidiary of Hewlett Packard Enterprise, released an update to ArubaOS to remediate multiple unauthenticated command injection and stack-based buffer overflow flaws (CVE-2023-22747 to CVE-2023-22752, CVSS score: 9.8) that may lead to code execution.
