A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2019-03-22T20:05:29.129200Z
Updated: 2024-11-21T19:42:07.909Z
Reserved: 2018-12-06T00:00:00
Link: CVE-2019-1764
Vulnrichment
Updated: 2024-08-04T18:28:42.512Z
NVD
Status : Modified
Published: 2019-03-22T20:29:00.447
Modified: 2024-11-21T04:37:19.503
Link: CVE-2019-1764
Redhat
No data.