On Wednesday, Cisco released security patches for vulnerabilities in its IP Phone 7800 and 8800 series. An attacker could exploit most of the flaws remotely without being authenticated.
The company says that it has no knowledge of any of the issues being exploited in the wild.
Plenty of DoS opportunities
All the vulnerabilities affect the 8800 series, while one that enables a denial-of-service (DoS) condition on the target, CVE-2019-1716, also impacts the Cisco IP Phone 7800 series.
It stems from improper validation of user input during the authentication process and could be leveraged to execute arbitrary code, too.
"An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials," the security advisory reads.
Another flaw leading to a DoS state is CVE-2019-1766, which a remote attacker could exploit by sending a crafted, remote connection request; this would allow writing a file that exhausts the available disk space.