Rewterz Threat Advisory – Cisco IP Phones Web Application Buffer Overflow
April 17, 2020
Severity
High
Analysis Summary
The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user with an active session on an affected device to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions, including modifying the configuration, with the privilege level of the user.
Impact
Cross-site request forgery
Affected Vendors
Cisco
Affected Products
Cisco Mobility Express Software
Remediation
Please refer to the vendor’s advisory for the list of affected products and patches.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mob-exp-csrf-b8tFec24