Primary

Context

Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 Information Disclosure Vulnerability

Vulnerability

Patched

A vulnerability exists in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875, all running Cisco SIP Software. This vulnerability allows an unauthenticated, remote attacker to access sensitive information on the affected device. The issue arises because the product improperly exposes sensitive information to unauthorized actors. Exploitation requires Web Access to be enabled on the phone, which is disabled by default.

Impact

Successful exploitation allows access to sensitive information on the affected device.

Remediation

Cisco has released software updates to address this vulnerability. Instructions for upgrading can be found in the Cisco Security Vulnerability Policy.

Added: Sep 3, 2025, 6:37 PM

Updated: Sep 3, 2025, 6:37 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

7.0

remediation

8.3

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

7.0

remediation

8.3

relevance

0.5

threat

0.0

urgency

2.9

incentive

5.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 Information Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Cisco IP Phone 7800

Cisco IP Phone 8800

Cisco Video Phone 8875

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating