A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system.

IP Phone 6800, 7800, and 8800 Multiplatform Firmware

Video Phone 8875

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Full description of the vulnerability is available on the following link:

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

1. Confirm whether you’re using any of the impacted devices:

• IP Phone 6800 Series with Multiplatform Firmware
• IP Phone 7800 Series with Multiplatform Firmware
• IP Phone 8800 Series with Multiplatform Firmware
• Video Phone 8875

2. If you’re using any of the impacted devices with the affected software, please download the newest software version.

3. To get the relevant software, refer to the files below.

IP Phone 6800 Series with Multiplatform Firmware:

• 6821 - Download link
• 6841/51/61/71 - Download link

IP Phone 7800 Series with Multiplatform Firmware

• 7811/21/41/61 - Download link
• 7832 - Download link

IP Phone 8800 Series with Multiplatform Firmware

• 8811/41/51/51NR/61 - Download link
• 8845/65/65NR - Download link
• 8831 - EoL
• 8832/32NR - Download link
• 8821/21-EX - Download link

Video Phone 8875 - Download link