Preface: Cisco announced yesterday that vulnerabilities have been found in the IP Phone 8800 Series.
About the IP Phone 8800 Series: The Cisco IP Phone 8800 Series delivers HD video and VoIP communications, and integrates with your mobile device to meet your business needs.
The vulnerability details are listed below:
- Cisco IP Phone 8800 Series Path Traversal Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipptv
- Cisco IP Phone 8800 Series File Upload Denial of Service Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipfudos
- Cisco IP Phone 8800 Series Authorization Bypass Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ipab
- Cisco IP Phone 7800 Series and 8800 Series Remote Code Execution Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-rce
- Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190320-ip-phone-csrf
Synopsis of 2 of the vulnerabilities: Cisco has perhaps not provided the vulnerability details for CVE-2019-1716 and CVE-2019-1763. However, there are hints that let us speculate about those issues. Web applications are highly vulnerable to input validation errors. Entering an invalid string such as “!@#$%^&*()” into a vulnerable web application may cause performance issues or denial of service on the system, and invalid passwords such as “pwd'” or “1=1-- ” may result in unauthorized access.
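
The input-validation failure modes speculated about above, shown as an added example that is not Cisco's code and not part of the original post: a login check that pastes input into SQL text, beside a form that validates the input and binds it as parameters. The SQLite table, the function names and the credential are hypothetical and constructed for illustration; nothing here describes the phone firmware.

```python
import re
import sqlite3

# Constructed sample data: a throwaway in-memory credential table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret-Example')")
    return conn

def login_concat(conn, name, password):
    """Weak form: user input is pasted into the SQL text."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0

# Allowlist for the hypothetical form fields: bounded length, known characters.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

def login_hardened(conn, name, password):
    """Hardened form: validate first, then bind values as parameters."""
    if not NAME_RE.fullmatch(name) or not 1 <= len(password) <= 128:
        return False  # reject early, no query is run
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?",
        (name, password)).fetchone()
    return row[0] > 0

def outcome(fn, conn, name, password):
    """Return 'granted', 'denied' or 'error' so results can be compared."""
    try:
        return "granted" if fn(conn, name, password) else "denied"
    except sqlite3.Error:
        return "error"  # left unhandled in a real service, this is a crash path

# The page's sample inputs, plus one constructed string that joins its two
# password fragments into a single value.
SAMPLES = ["!@#$%^&*()", "pwd'", "1=1-- ", "pwd' OR 1=1-- "]

def compare():
    conn = make_db()
    return {s: (outcome(login_concat, conn, "admin", s),
                outcome(login_hardened, conn, "admin", s)) for s in SAMPLES}

if __name__ == "__main__":
    for sample, (weak, hard) in compare().items():
        print(f"{sample!r:20} concat={weak:8} hardened={hard}")
```

With the concatenated query, the stray quote produces a database error and the joined string is granted access; the parameterized form denies every sample because the input is only ever treated as data.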