Malicious use of a stolen cookie might allow modifications to the contents of the IP phone’s webpage.