[CIVN-2025-0262] Multiple Vulnerabilities in CISCO

Published On: October 17, 2025

Multiple Vulnerabilities in CISCO 
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Systems Affected
Desk Phone 9800 Series
IP Phone 7800 Series
IP Phone 8800 Series
Video Phone 8875
Overview
Multiple vulnerabilities have been reported in Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco Session Initiation Protocol (SIP) Software which could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or conduct a cross-site scripting (XSS) attack against a user of the web UI.
Target Audience: 
All IT administrators and individuals responsible for maintaining and updating Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 running Cisco Session Initiation Protocol (SIP) Software.
Risk Assessment:
High risk of data manipulation and service disruption.
Impact Assessment:
Potential impact on confidentiality, integrity, and availability of the system.
Description
1. Denial of Service Vulnerability (CVE-2025-20350)
This vulnerability exists due to a buffer overflow when an affected device processes HTTP packets. An attacker could exploit this vulnerability by sending crafted HTTP input to the device.
Successful exploitation of this vulnerability could allow the attacker to cause the device to reload, resulting in a DoS condition.
2. Cross-Site Scripting (XSS) Vulnerability (CVE-2025-20351)
This vulnerability exists because the web UI of an affected device does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link.
Successful exploitation of this vulnerability could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Solution
Apply appropriate updates as mentioned in the Cisco Advisory:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A
Vendor Information
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A
References
CISCO
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-dos-FPyjLV7A
CVE Name
CVE-2025-20350
CVE-2025-20351
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
