Cisco this week advised customers using its 7800 and 8800 series IP phones they should patch a variety of high-priority vulnerabilities that could lead to denial of service and other security problems.

The company issued five security advisories, four for the 8800 and one for both the 8800 and 7800 series of IP phones. The 8800 is a high-end business desktop device that features high-definition video and mobile device integration. The 7800 is more of a general business IP phone. 

The security advisories include:

Cisco said these vulnerabilities affect Cisco IP Phones running a SIP software release prior to 11.0 for Wireless IP Phone 8821-EX and release 12.5 SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series.

The last vulnerability impacts both phones. The problem is a weakness is in the web-based management interface of SIP software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series. A successful exploit could allow the attacker to trigger a reload of an affected device, resulting in a DoS condition or to execute arbitrary code with the privileges of the app user. Cisco wrote that the vulnerability exists because the software improperly validates user-supplied input during user authentication. An attacker could exploit this vulnerability by connecting to an affected device using HTTP and supplying malicious user credentials.

Cisco said that the weakness involves version 10.3 SR5 for Unified IP Conference Phone 8831; 11.0 SR3 for Wireless IP Phone 8821 and 8821-EX; and 12.5 SR1 for the rest of the IP Phone 7800 and 8800 Series.

Cisco said it has released free patches for all the advisories and suggests going here to see how to download them. 

This story, "Cisco directs high priority patches for IP phone security exposures" was originally published by Network World.