Day: 8 marzo, 2023

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. This advisory is available at the following More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20IP%20Phone%206800,%207800,%207900,%20and%208800%20Series%20Web%20UI%20Vulnerabilities&vs_k=1

Update for March 2, 2023: Since this advisory originally published, Cisco has become aware of an issue in a fix for older major Cisco Secure Web Appliance software releases. That issue introduced additional vulnerabilities in releases 14.5.0-537 and 14.5.1-008. Cisco is investigating these new issues and will provide a fix in April 2023 for software releases later than Release 14.5.1-008. These fixes will address all known filter bypass vulnerabilities that are listed in this advisory, as well More info: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-bypass-bwBfugek?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Secure%20Web%20Appliance%20Content%20Encoding%20Filter%20Bypass%20Vulnerabilities&vs_k=1