Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
398
Views
3
Helpful
4
Replies

web access

bluesea2010
Level 5
Level 5

‎09-24-2023 06:48 PM

Hi,

What is the secuiry risk for enabling web access on cisco phones .

Thanks

 

4 Replies 4

Leo Laohoo
Hall of Fame
Hall of Fame

‎09-24-2023 07:05 PM - edited ‎09-24-2023 07:06 PM

As far as I am concerned, web access to a phone is "read only" access.  

And we have this enabled to all phones (including ATA) because it is vital in troubleshooting.

bluesea2010
Level 5
Level 5
In response to Leo Laohoo

‎09-24-2023 07:33 PM

Hi ,

Thanks for the reply 

if that is the case some organization  disable the web access 

Thanks

 

0 Helpful

Nithin Eluvathingal
VIP
VIP
In response to bluesea2010

‎09-24-2023 11:31 PM

As @Leo Laohoo  mentioned, web access is vital in troubleshooting. By Disabling the web access you blocks access to the phone internal web pages, which provide statistics and configuration information. 

It all depends on your organization. We have customer who need this turned ON  and who want to disable it.



Response Signature


Gopinath_Pigili
Spotlight
Spotlight

‎09-24-2023 08:21 PM

Enabling web access to ip phone is not recommended and you should avoid....if possible...

According to Cisco, A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

I hope the above information is useful....

Best regards
******* If This Helps, Please Rate *******

0 Helpful
Customers Also Viewed These Support Documents