CVE-2022-20774
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.
SSVC
- Decision: Track
Timeline
- 2021-11-02 CVE Reserved
- 2022-04-06 CVE Published
- 2023-10-28 EPSS Updated
- 2024-11-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-345: Insufficient Verification of Data Authenticity
- CWE-352: Cross-Site Request Forgery (CSRF)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Cisco | Ip Phone 6871 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 6871 | - | - | Safe |
Cisco | Ip Phone 6861 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 6861 | - | - | Safe |
Cisco | Ip Phone 6851 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 6851 | - | - | Safe |
Cisco | Ip Phone 6841 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 6841 | - | - | Safe |
Cisco | Ip Phone 6825 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 6825 | - | - | Safe |
Cisco | Ip Phone 7861 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 7861 | - | - | Safe |
Cisco | Ip Phone 7841 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 7841 | - | - | Safe |
Cisco | Ip Phone 7832 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 7832 | - | - | Safe |
Cisco | Ip Phone 7821 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 7821 | - | - | Safe |
Cisco | Ip Phone 7811 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 7811 | - | - | Safe |
Cisco | Ip Phone 8865 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 8865 | - | - | Safe |
Cisco | Ip Phone 8861 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 8861 | - | - | Safe |
Cisco | Ip Phone 8851 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 8851 | - | - | Safe |
Cisco | Ip Phone 8845 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 8845 | - | - | Safe |
Cisco | Ip Phone 8841 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 8841 | - | - | Safe |
Cisco | Ip Phone 8832 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 8832 | - | - | Safe |
Cisco | Ip Phone 8811 Firmware | < 11.3.5 | - | Affected | in | Cisco | Ip Phone 8811 | - | - | Safe |