In order to fix a serious bug affecting its IP Phone 6800, 7800, 7900, and 8800 Series equipment, Cisco released security upgrades on Wednesday. An unauthenticated, remote attacker could inject arbitrary commands that are executed with root privileges on the underlying operating system if the problem is successfully exploited.
The vulnerability, identified as CVE-2023-20078, is defined as a command injection flaw in the web-based administration interface resulting from insufficient validation of user-supplied input. It is rated 9.8 out of 10 on the CVSS rating system.