// For flags

CVE-2022-20774

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability

Severity Score

8.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Track
*SSVC
Descriptions

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.

Una vulnerabilidad en la interfaz de administración basada en web de los teléfonos IP de las series 6800, 7800 y 8800 de Cisco con firmware multiplataforma podría permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site request forgery (CSRF) contra un usuario de la interfaz basada en la web de un sistema afectado. Esta vulnerabilidad es debido a unas protecciones insuficientes de tipo CSRF para la interfaz de administración basada en web de un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario autenticado de la interfaz para que siga un enlace diseñado. Una explotación con éxito podría permitir al atacante llevar a cabo cambios de configuración en el dispositivo afectado, resultando en una condición de denegación de servicio (DoS)

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:Track
Exploitation
None
Automatable
No
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2021-11-02 CVE Reserved
  • 2022-04-06 CVE Published
  • 2023-10-28 EPSS Updated
  • 2024-11-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-345: Insufficient Verification of Data Authenticity
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Ip Phone 6871 Firmware
Search vendor "Cisco" for product "Ip Phone 6871 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 6871 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 6871
Search vendor "Cisco" for product "Ip Phone 6871"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 6861 Firmware
Search vendor "Cisco" for product "Ip Phone 6861 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 6861 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 6861
Search vendor "Cisco" for product "Ip Phone 6861"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 6851 Firmware
Search vendor "Cisco" for product "Ip Phone 6851 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 6851 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 6851
Search vendor "Cisco" for product "Ip Phone 6851"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 6841 Firmware
Search vendor "Cisco" for product "Ip Phone 6841 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 6841 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 6841
Search vendor "Cisco" for product "Ip Phone 6841"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 6825 Firmware
Search vendor "Cisco" for product "Ip Phone 6825 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 6825 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 6825
Search vendor "Cisco" for product "Ip Phone 6825"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 7861 Firmware
Search vendor "Cisco" for product "Ip Phone 7861 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 7861 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 7861
Search vendor "Cisco" for product "Ip Phone 7861"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 7841 Firmware
Search vendor "Cisco" for product "Ip Phone 7841 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 7841 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 7841
Search vendor "Cisco" for product "Ip Phone 7841"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 7832 Firmware
Search vendor "Cisco" for product "Ip Phone 7832 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 7832 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 7832
Search vendor "Cisco" for product "Ip Phone 7832"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 7821 Firmware
Search vendor "Cisco" for product "Ip Phone 7821 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 7821 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 7821
Search vendor "Cisco" for product "Ip Phone 7821"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 7811 Firmware
Search vendor "Cisco" for product "Ip Phone 7811 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 7811 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 7811
Search vendor "Cisco" for product "Ip Phone 7811"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8865 Firmware
Search vendor "Cisco" for product "Ip Phone 8865 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 8865 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8865
Search vendor "Cisco" for product "Ip Phone 8865"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8861 Firmware
Search vendor "Cisco" for product "Ip Phone 8861 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 8861 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8861
Search vendor "Cisco" for product "Ip Phone 8861"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8851 Firmware
Search vendor "Cisco" for product "Ip Phone 8851 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 8851 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8851
Search vendor "Cisco" for product "Ip Phone 8851"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8845 Firmware
Search vendor "Cisco" for product "Ip Phone 8845 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 8845 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8845
Search vendor "Cisco" for product "Ip Phone 8845"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8841 Firmware
Search vendor "Cisco" for product "Ip Phone 8841 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 8841 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8841
Search vendor "Cisco" for product "Ip Phone 8841"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8832 Firmware
Search vendor "Cisco" for product "Ip Phone 8832 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 8832 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8832
Search vendor "Cisco" for product "Ip Phone 8832"
--
Safe
Cisco
Search vendor "Cisco"
Ip Phone 8811 Firmware
Search vendor "Cisco" for product "Ip Phone 8811 Firmware"
< 11.3.5
Search vendor "Cisco" for product "Ip Phone 8811 Firmware" and version " < 11.3.5"
-
Affected
in Cisco
Search vendor "Cisco"
Ip Phone 8811
Search vendor "Cisco" for product "Ip Phone 8811"
--
Safe