Informazioni sul CVE-2019-1764
Cisco IP Phone 8800 Series Cross-Site Request Forgery Vulnerability
CWE ID: CWE-352
Base Score (CVSS): N/A
CVE: CVE-2019-1764
Descrizione: A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.
Vettore di attacco
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: .
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|
Riferimenti esterni
Prodotti interessati
- Cisco – Cisco Wireless IP Phone 8821 and 8821-EX
- Cisco – Cisco IP Conference Phone 8832 and the rest of the IP Phone 8800 Series
Relazioni con altri prodotti
Produttore:Cisco
Prodotto: Cisco Wireless IP Phone 8821 and 8821-EX
Anno: 2019
CWE: CWE-352
CVSS: 0.0
Produttore:Cisco
Prodotto: Cisco IP Conference Phone 8832 and the rest of the IP Phone 8800 Series
Anno: 2019
CWE: CWE-352
CVSS: 0.0