Overview
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system.
IP Phone 6800, 7800, and 8800 Multiplatform Firmware
Cisco Multiplatform Firmware Release |
First Fixed Release |
11.3 and earlier |
Affected, please migrate to a fixed release. |
12.0 |
Not vulnerable. |
Video Phone 8875
Cisco PhoneOS Release |
First Fixed Release |
1.0 |
Affected, please migrate to a fixed release. |
2.0 |
Not vulnerable. |
2.1 |
Not vulnerable. |
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Full description of the vulnerability is available on the following link:
What do you need to do?
1. Confirm whether you’re using any of the impacted devices:
- IP Phone 6800 Series with Multiplatform Firmware
- IP Phone 7800 Series with Multiplatform Firmware
- IP Phone 8800 Series with Multiplatform Firmware
- Video Phone 8875
2. If you’re using any of the impacted devices with the affected software, please download the newest software version.
3. To get the relevant software, refer to the files below.
IP Phone 6800 Series with Multiplatform Firmware:
- 6821 - Download link
- 6841/51/61/71 - Download link
IP Phone 7800 Series with Multiplatform Firmware
- 7811/21/41/61 - Download link
- 7832 - Download link
IP Phone 8800 Series with Multiplatform Firmware
- 8811/41/51/51NR/61 - Download link
- 8845/65/65NR - Download link
- 8831 - EoL
- 8832/32NR - Download link
- 8821/21-EX - Download link
Video Phone 8875 - Download link
Service notice
If you haven't already done so, bookmark this website and register your details to receive email alerts.