Description
A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system. Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Attack Vector
- network
- Complexity
- low
- Privileges
- none
- User Action
- none
- Scope
- unchanged
- Confidentiality
- none
- Integrity
- low
- Availability
- none
- Weaknesses
- CWE-284
Metadata
- Primary Vendor
- CISCO
- Published
- 9/3/2025
- Last Modified
- 1/5/2026
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
cisco : desk_phone_9841_firmwarecisco : desk_phone_9851_firmwarecisco : desk_phone_9861_firmwarecisco : desk_phone_9871_firmwarecisco : ip_phone_7811_firmwarecisco : ip_phone_7811_firmwarecisco : ip_phone_7811_firmwarecisco : ip_phone_7821_firmwarecisco : ip_phone_7821_firmwarecisco : ip_phone_7821_firmwarecisco : ip_phone_7841_firmwarecisco : ip_phone_7841_firmwarecisco : ip_phone_7841_firmwarecisco : ip_phone_7861_firmwarecisco : ip_phone_7861_firmwarecisco : ip_phone_7861_firmwarecisco : ip_phone_8811_firmwarecisco : ip_phone_8811_firmwarecisco : ip_phone_8811_firmwarecisco : ip_phone_8841_firmwarecisco : ip_phone_8841_firmwarecisco : ip_phone_8841_firmwarecisco : ip_phone_8845_firmwarecisco : ip_phone_8845_firmwarecisco : ip_phone_8845_firmwarecisco : ip_phone_8851_firmwarecisco : ip_phone_8851_firmwarecisco : ip_phone_8851_firmwarecisco : ip_phone_8851nr_firmwarecisco : ip_phone_8851nr_firmwarecisco : ip_phone_8851nr_firmwarecisco : ip_phone_8861_firmwarecisco : ip_phone_8861_firmwarecisco : ip_phone_8861_firmwarecisco : ip_phone_8865_firmwarecisco : ip_phone_8865_firmwarecisco : ip_phone_8865_firmwarecisco : video_phone_8875_firmwarecisco : video_phone_8875_firmwarecisco : video_phone_8875_firmwarecisco : video_phone_8875_firmwarecisco : ip_phone_8821_firmwarecisco : ip_phone_8821_firmwarecisco : ip_phone_8821_firmwarecisco : ip_phone_8821_firmwarecisco : ip_phone_8821_firmwarecisco : ip_phone_8821_firmwarecisco : ip_phone_8821_firmware
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.