A critical vulnerability has been discovered in the Cisco IP Phone Series that could allow attackers to remotely execute code and gain full control of the affected device. The vulnerability, tracked as CVE-2023-29569, is due to improper validation of user-supplied input in the HTTP server component of the affected IP phones. A remote attacker could exploit this flaw by sending a crafted HTTP request to the targeted device, leading to the execution of arbitrary code with root privileges. The vulnerability affects all Cisco IP Phone Series devices running firmware versions earlier than 12.5(1)SR3. Cisco has released security updates to address the issue, and users are advised to apply the patches immediately. This is yet another example of the critical importance of keeping software and firmware up to date in order to protect against known vulnerabilities.
Source: The Hacker News
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.
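The affected-version statement above ("earlier than 12.5(1)SR3") can be turned into an inventory check. The following is an added example, not code from Cisco or the original article. It assumes firmware strings follow a `major.minor(maintenance)` layout with an optional `SR<n>` suffix and that a release without an SR suffix sorts before SR1. The hostnames and sample versions are constructed.

```python
import re

# Fixed release named in the article; everything earlier is treated as affected.
FIXED_RELEASE = "12.5(1)SR3"

# Assumed version layout: major.minor(maintenance) with an optional SR<n> suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)(?:SR(\d+))?$", re.IGNORECASE)


def parse_firmware(version):
    """Return (major, minor, maintenance, sr) or None if the string does not match."""
    match = _VERSION_RE.match(version.strip())
    if match is None:
        return None
    major, minor, maint, sr = match.groups()
    # Assumption: a release without an SR suffix sorts before SR1 of the same train.
    return int(major), int(minor), int(maint), int(sr or 0)


def classify(version, fixed=FIXED_RELEASE):
    """Classify one firmware string as 'affected', 'fixed' or 'unknown'."""
    parsed = parse_firmware(version)
    if parsed is None:
        return "unknown"  # never assume an unparseable version is safe
    return "affected" if parsed < parse_firmware(fixed) else "fixed"


def audit(inventory):
    """Return (host, firmware, status) rows, affected first, then unknown, then fixed."""
    order = {"affected": 0, "unknown": 1, "fixed": 2}
    rows = [(host, fw, classify(fw)) for host, fw in inventory]
    return sorted(rows, key=lambda row: (order[row[2]], row[0]))


# Constructed inventory for illustration; hostnames and versions are not from the article.
SAMPLE_INVENTORY = [
    ("phone-lobby", "12.5(1)SR3"),
    ("phone-lab", "12.5(1)SR2"),
    ("phone-exec", "14.0(1)"),
    ("phone-old", "11.7(1)"),
    ("phone-odd", "unknown-build"),
]

if __name__ == "__main__":
    for host, fw, status in audit(SAMPLE_INVENTORY):
        print(f"{status:9} {host:12} {fw}")
```

Devices reported as `unknown` need a manual version check rather than being counted as patched.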