09-24-2023 06:48 PM
Hi,
What is the secuiry risk for enabling web access on cisco phones .
Thanks
09-24-2023 07:05 PM - edited 09-24-2023 07:06 PM
As far as I am concerned, web access to a phone is "read only" access.
And we have this enabled to all phones (including ATA) because it is vital in troubleshooting.
09-24-2023 07:33 PM
Hi ,
Thanks for the reply
if that is the case some organization disable the web access
Thanks
09-24-2023 11:31 PM
As @Leo Laohoo mentioned, web access is vital in troubleshooting. By Disabling the web access you blocks access to the phone internal web pages, which provide statistics and configuration information.
It all depends on your organization. We have customer who need this turned ON and who want to disable it.
09-24-2023 08:21 PM
Enabling web access to ip phone is not recommended and you should avoid....if possible...
According to Cisco, A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
I hope the above information is useful....
Best regards
******* If This Helps, Please Rate *******
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide