CVE-2025-20335
BaseFortify
Publication date: 2025-09-03
Last updated on: 2025-09-04
Assigner: Cisco Systems, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| cisco | ip_phone_8800_series | * |
| cisco | video_phone_8875 | * |
| cisco | desk_phone_9800_series | * |
| cisco | ip_phone_7800_series | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects certain Cisco Desk Phones and Video Phones by allowing an unauthenticated, remote attacker to write arbitrary files on the device due to improper directory permissions and lack of proper authentication controls. The attacker can exploit this by sending a specially crafted request to the device if the Web Access feature is enabled (which is disabled by default). Successful exploitation allows arbitrary file writes to specific directories on the phone's operating system. [1]
How can this vulnerability impact me? :
The vulnerability can allow an attacker to write arbitrary files on affected devices remotely without authentication, potentially leading to unauthorized modifications of the device's operating system files. This could compromise the integrity of the device, possibly enabling further attacks or disruptions. However, the impact is limited to integrity (no confidentiality or availability impact) and requires Web Access to be enabled. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, first verify if Web Access is enabled on the affected Cisco phones. You can check the phone's IP address via the device's configuration menu and attempt to access it through a web browser. If the Web Access interface is accessible, the device may be vulnerable. There are no specific commands provided to detect the vulnerability directly, but verifying Web Access status and firmware versions against fixed releases is recommended. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling Web Access on the affected devices if it is enabled, as Web Access is disabled by default and required for exploitation. Additionally, upgrade the affected devices to the fixed software versions released by Cisco: Desk Phone 9800 Series to Cisco SIP Software Release 3.3(1) or later, IP Phone 7800 and 8800 Series to Release 14.3(1)SR2 or later, IP Phone 8821 to Release 11.0(6)SR7 or later, and Video Phone 8875 to Release 3.3(1) or later. No workarounds exist other than these updates. [1]