All the vulnerabilites related to cisco - ip_dect_210_firmware
Vulnerability from fkie_nvd
Published
2023-11-21 19:15
Modified
2024-11-21 07:41
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cisco | ip_dect_110_firmware | * | |
cisco | ip_dect_110 | - | |
cisco | ip_dect_210_firmware | * | |
cisco | ip_dect_210 | - | |
cisco | unified_ip_phone_6901_firmware | * | |
cisco | unified_ip_phone_6901 | - | |
cisco | unified_sip_phone_3905_firmware | * | |
cisco | unified_sip_phone_3905 | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ip_dect_110_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "17BA3030-4791-4937-911A-0FA625BE4CFF", "versionEndExcluding": "5.1.2sr1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:ip_dect_110:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E36E9DA-BF30-42FB-9B6C-40C39DDA9473", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ip_dect_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C4EDF-AAE1-424A-A64D-B794611E9571", "versionEndExcluding": "5.1.2sr1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:ip_dect_210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B6E163D-94B8-453B-8189-804A7C1DE8DA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6901_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "489B785B-BCC7-4D75-9A04-081CDCC49603", "versionEndExcluding": "9.3\\(1\\)sr3", "versionStartIncluding": "9.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6901:-:*:*:*:*:*:*:*", "matchCriteriaId": "12C78A9E-35FA-4CC7-B51F-25133B3D6DA9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_sip_phone_3905_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A15605C-714B-4876-8C37-40A8C4A10ECA", "versionEndExcluding": "9.4\\(1\\)sr4", "versionStartIncluding": "9.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_sip_phone_3905:-:*:*:*:*:*:*:*", "matchCriteriaId": "14E1313A-F2D4-4F40-BC50-2D1BA2BBB4C7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device." }, { "lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de un peque\u00f1o subconjunto de Cisco IP Phones podr\u00eda permitir que un atacante remoto autenticado lleve a cabo un ataque de cross-site scripting (XSS) almacenado contra un usuario de la interfaz en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario de una interfaz afectada para que vea una p\u00e1gina que contenga HTML o script maliciosos. Un exploit exitoso podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador. Para aprovechar esta vulnerabilidad, el atacante debe tener credenciales v\u00e1lidas para acceder a la interfaz de administraci\u00f3n basada en web del dispositivo afectado." } ], "id": "CVE-2023-20265", "lastModified": "2024-11-21T07:41:01.880", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "ykramarz@cisco.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-11-21T19:15:08.747", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "ykramarz@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-11-06 19:15
Modified
2024-11-21 05:31
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ip_dect_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC3C8D7D-A5B0-4771-9665-D0258312BB8D", "versionEndExcluding": "4.8.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:ip_dect_210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B6E163D-94B8-453B-8189-804A7C1DE8DA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ip_dect_6825_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B835D24-DA8B-4E9F-8731-8E53438CB912", "versionEndExcluding": "4.8.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:ip_dect_6825:-:*:*:*:*:*:*:*", "matchCriteriaId": "4713CBC4-DC13-4D0E-83E6-34F4AAF07A58", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BEAB12F-7C8B-4960-9161-89714A4DEF42", "versionEndExcluding": "11.3.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "366D15A9-2EBE-4CB9-A2DF-D5D575598744", "versionEndExcluding": "11.3.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*", "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7907FF6-F949-45FA-910C-FF111140594B", "versionEndExcluding": "11.3.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4709CCDB-04A6-4E63-A4E9-02904E44FA65", "versionEndExcluding": "11.3.2", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*", "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:9.3\\(4\\):servicerelease3:*:*:*:*:*:*", "matchCriteriaId": "5773D5CD-4D6E-468C-A07A-C8A707B11FF9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_conference_phone_8831:-:*:*:*:*:*:*:*", "matchCriteriaId": "660475FD-8475-4968-9ED2-D83461B9A5D4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:webex_room_phone_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8831D2CE-55CD-4D5D-A9FB-3D9AC04DE5D1", "versionEndExcluding": "1.2.0", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:webex_room_phone:-:*:*:*:*:*:*:*", "matchCriteriaId": "060033D2-5332-4C89-813A-3780E1619DFD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition." }, { "lang": "es", "value": "Una vulnerabilidad en la funcionalidad TCP packet processing de Cisco IP Phones, podr\u00eda permitir a un atacante remoto no autenticado causar que el tel\u00e9fono dejara de responder a las llamadas entrantes, abandonara las llamadas conectadas o se recargara inesperadamente.\u0026#xa0;La vulnerabilidad es debido a una limitaci\u00f3n insuficiente de la tasa de paquetes de entrada TCP.\u0026#xa0;Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo una tasa alta y sostenida de tr\u00e1fico TCP dise\u00f1ado hacia el dispositivo apuntado.\u0026#xa0;Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante afectar las operaciones del tel\u00e9fono o hacer que el tel\u00e9fono se recargue, dando lugar a una condici\u00f3n de denegaci\u00f3n de servicio (DoS)" } ], "id": "CVE-2020-3574", "lastModified": "2024-11-21T05:31:20.600", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-11-06T19:15:14.847", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-371" } ], "source": "ykramarz@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2020-3574
Vulnerability from cvelistv5
Published
2020-11-06 18:16
Modified
2024-11-13 17:43
Severity ?
EPSS score ?
Summary
A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition.
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco IP Phones with Multiplatform Firmware |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:37:55.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20201104 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3574", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:12:06.604039Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:43:05.265Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IP Phones with Multiplatform Firmware", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-11-04T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-371", "description": "CWE-371", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-11-06T18:16:31", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20201104 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv" } ], "source": { "advisory": "cisco-sa-voip-phone-flood-dos-YnU9EXOv", "defect": [ [ "CSCvs66815", "CSCvt83239", "CSCvu36012", "CSCvu36026" ] ], "discovery": "INTERNAL" }, "title": "Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-11-04T16:00:00", "ID": "CVE-2020-3574", "STATE": "PUBLIC", "TITLE": "Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco IP Phones with Multiplatform Firmware", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "7.5", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-371" } ] } ] }, "references": { "reference_data": [ { "name": "20201104 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv" } ] }, "source": { "advisory": "cisco-sa-voip-phone-flood-dos-YnU9EXOv", "defect": [ [ "CSCvs66815", "CSCvt83239", "CSCvu36012", "CSCvu36026" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3574", "datePublished": "2020-11-06T18:16:31.678368Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-13T17:43:05.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20265
Vulnerability from cvelistv5
Published
2023-11-21 18:45
Modified
2024-08-29 20:02
Severity ?
EPSS score ?
Summary
A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.
References
Impacted products
Vendor | Product | Version | |||||
---|---|---|---|---|---|---|---|
▼ | Cisco | Cisco IP Phones with Multiplatform Firmware |
Version: 4.5 Version: 4.6 MSR1 Version: 4.7.1 Version: 4.8.1 Version: 4.8.1 SR1 Version: 5.0.1 Version: 5.1.1 Version: 5.1.2 |
||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:05:36.235Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "cisco-sa-uipphone-xss-NcmUykqA", "tags": [ "x_transferred" ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20265", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2023-11-21T20:02:01.391549Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-29T20:02:00.535Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IP Phones with Multiplatform Firmware", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "4.5" }, { "status": "affected", "version": "4.6 MSR1" }, { "status": "affected", "version": "4.7.1" }, { "status": "affected", "version": "4.8.1" }, { "status": "affected", "version": "4.8.1 SR1" }, { "status": "affected", "version": "5.0.1" }, { "status": "affected", "version": "5.1.1" }, { "status": "affected", "version": "5.1.2" } ] }, { "product": "Cisco Session Initiation Protocol (SIP) Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "9.3(1)" }, { "status": "affected", "version": "9.1(1)" }, { "status": "affected", "version": "9.3(1)SR2" }, { "status": "affected", "version": "9.4(1)" }, { "status": "affected", "version": "9.2(2)" }, { "status": "affected", "version": "9.2(1)" }, { "status": "affected", "version": "9.3(1)SR1" }, { "status": "affected", "version": "9.4(1)SR2" }, { "status": "affected", "version": "9.4(1)SR1" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "format": "cvssV3_1" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "cwe" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T16:58:35.584Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "cisco-sa-uipphone-xss-NcmUykqA", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA" } ], "source": { "advisory": "cisco-sa-uipphone-xss-NcmUykqA", "defects": [ "CSCwf58594", "CSCwf58592", "CSCwf58578" ], "discovery": "EXTERNAL" } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2023-20265", "datePublished": "2023-11-21T18:45:33.998Z", "dateReserved": "2022-10-27T18:47:50.373Z", "dateUpdated": "2024-08-29T20:02:00.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }