
Published on August 22nd, 2019


Cisco Fixes High-Severity Vulnerabilities in IP Phone 7800, 8800



Cisco released on Wednesday security patches for vulnerabilities present in its IP Phone 7800 and 8800 series. An attacker could exploit most of the flaws remotely without being authenticated.

The company says that it has no knowledge of any of the issues being exploited in the wild.

Plenty of DoS opportunities

All the vulnerabilities affect the 8800 series, while one that enables a denial-of-service (DoS) condition on the target, CVE-2019-1716, also impacts Cisco IP Phone 7800 series.

It stems from improper validation of user input during the authentication process and could be leveraged to execute arbitrary code, too.

"An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials," the security advisory reads.

Another flaw leading to a DoS state is CVE-2019-1766, which a remote attacker could exploit by sending a crafted, remote connection request; this would allow writing a file that exhausts the available disk space.

Cisco also patched a glitch (CVE-2019-1763) in the authorization management interface of its 8800 IP phones that could be leveraged without authentication.

The problem is in firmware versions 11.0(5) and 12.5(1)SR, which fail to sanitize URLs before handling requests. As a result, a malicious actor could submit a crafted link to gain access to critical services and cause a DoS condition.





CSRF and path traversal

The vulnerabilities with the highest severity score, 8.1 out of 10, are a path traversal and a cross-site request forgery (CSRF).

Insufficient protections in the web-based management interface of Cisco's Session Initiation Protocol (SIP) Software 11.0(5) and 12.5(1)SR allow CSRF attacks.

An authenticated user of the interface would have to click on a malicious link from the adversary, who could then perform arbitrary actions through the web browser with the same privileges as the logged-in user.

Tracked as CVE-2019-1765, the path traversal results from a combination of insufficient input validation and file-level permissions.

It gives an authenticated adversary write access to the filesystem of Cisco's 8800 series IP phones and permits writing files of the attacker's choice to arbitrary locations on affected products.

Cisco says that there are no workarounds for any of the problems it patched on Wednesday and installing the software updates is the only mitigation method. The new firmware is available only for customers with a valid license.

All the issues were reported by David Gullasch of modzero AG. CVE-2019-1716 was also spotted and reported by Denys Vozniuk of DarkMatter.
