All the vulnerabilites related to cisco - unified_ip_phone_7940g
Vulnerability from fkie_nvd
Published
2009-01-16 21:30
Modified
2024-11-21 00:51
Severity ?
Summary
Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers.
References
cve@mitre.orghttp://securityreason.com/securityalert/4917
cve@mitre.orghttp://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.html
cve@mitre.orghttp://www.securityfocus.com/archive/1/500059/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/33264
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/47948
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/4917
af854a3a-2127-422b-91ae-364da2661108http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/500059/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/33264
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/47948
Impacted products
Vendor Product Version
cisco unified_ip_phone_7940g *
cisco unified_ip_phone_7960g *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7940g:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02BC94CB-AD9E-4B68-9437-D65EF9DBADD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7960g:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "293CAB61-D0AD-4704-9FB4-B2C08700B913",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers."
    },
    {
      "lang": "es",
      "value": "Cisco Unified IP Phone (tambi\u00e9n conocido como SIP phone) 7960G y 7940G con firmware P0S3-08-9-00 y posiblemente otras versiones anteriores a v8.10 permite a atacantes remotos causar denegaci\u00f3n de servicio (reinicio del dispositivo) o posiblemente ejecutar c\u00f3digo de su elecci\u00f3n mediante un paquete de Protocolo de Transporte en Tiempo Real (RTP) con cabeceras mal formadas."
    }
  ],
  "id": "CVE-2008-4444",
  "lastModified": "2024-11-21T00:51:41.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-01-16T21:30:03.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4917"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/500059/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33264"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47948"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4917"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/500059/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47948"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-07 21:29
Modified
2024-11-21 03:37
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.
References
ykramarz@cisco.comhttp://www.securityfocus.com/bid/104445Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://www.securitytracker.com/id/1041074Third Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dosVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104445Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041074Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dosVendor Advisory
Impacted products
Vendor Product Version
cisco unified_ip_phone_firmware 9.9\(9.99002.1\)
cisco unified_ip_phone_9951 -
cisco unified_ip_phone_9971 -
cisco unified_ip_phone_firmware 9.9\(9.99002.1\)
cisco unified_ip_phone_7906g -
cisco unified_ip_phone_7911g -
cisco unified_ip_phone_7912g -
cisco unified_ip_phone_7931g -
cisco unified_ip_phone_7940g -
cisco unified_ip_phone_7941g -
cisco unified_ip_phone_7942g -
cisco unified_ip_phone_7945g -
cisco unified_ip_phone_7960g -
cisco unified_ip_phone_7961g -
cisco unified_ip_phone_7962g -
cisco unified_ip_phone_7965g -
cisco unified_ip_phone_7975g -
cisco ip_phone_firmware 9.4\(2\)sr3.1
cisco ip_phone_7811 -
cisco ip_phone_7821 -
cisco ip_phone_7841 -
cisco ip_phone_7861 -
cisco ip_phone_firmware 9.4\(2\)sr3.1
cisco ip_phone_8811 -
cisco ip_phone_8841 -
cisco ip_phone_8845 -
cisco ip_phone_8851 -
cisco ip_phone_8861 -
cisco ip_phone_8865 -
cisco ip_phone_firmware 9.4\(2\)sr4
cisco ip_phone_8811 -
cisco ip_phone_8841 -
cisco ip_phone_8845 -
cisco ip_phone_8851 -
cisco ip_phone_8861 -
cisco ip_phone_8865 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware:9.9\\(9.99002.1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3D3D7A0C-A65C-4AA3-99A8-91142783802C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B483E7-0B8D-480B-94B9-93F00AE91B4B",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBF7ABE8-03D3-4ACA-834A-89D37D5EBFB2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_firmware:9.9\\(9.99002.1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "3D3D7A0C-A65C-4AA3-99A8-91142783802C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94B18568-30F5-40BF-96DB-589ED8D960F5",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF164BA-91F9-434B-9837-1B6E600A91AF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7912g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA43909C-9ED4-40B3-A179-48568BA5E4B3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7931g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D51724-CA7C-4F8E-9C02-408A96E32860",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7940g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84AEFB6F-3534-478A-97FF-C100A86A269E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7519FF0-672E-430F-980D-53D2A851C78C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7942g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37232BAF-C3BD-45A3-B54F-3DA2E15F2FBD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5980E646-CA07-4222-A9DD-A71306A4A678",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7960g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DFA9051-62CB-4C7B-9C97-CD901DC778F0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1B979DC-52B4-497E-9D7C-3D8F861E6E26",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7962g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8424EA40-BAEE-4503-A826-003C478D07F0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF30D1CC-D27F-49FF-9C63-BB890002D1C2",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA879B6-04D6-402A-8F38-8A7CB34D76F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_firmware:9.4\\(2\\)sr3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCC90CA-7D61-4B77-BA39-D343E2A65A59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_firmware:9.4\\(2\\)sr3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCC90CA-7D61-4B77-BA39-D343E2A65A59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_firmware:9.4\\(2\\)sr4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDD6E0D0-6B8D-4C72-80F9-BF43EAD22CA9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el procesamiento de paquetes entrantes SIP (Session Initiation Protocol) del software Cisco Unified IP Phone podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad se debe a la falta de mecanismos de control de flujo en el software. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de grandes vol\u00famenes de tr\u00e1fico SIP INVITE al dispositivo objetivo. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que un atacante provoque una interrupci\u00f3n de los servicios en el tel\u00e9fono IP objetivo. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945."
    }
  ],
  "id": "CVE-2018-0332",
  "lastModified": "2024-11-21T03:37:59.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-07T21:29:00.400",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104445"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041074"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-18 03:15
Modified
2024-11-21 05:30
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
References
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExMVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExMVendor Advisory
Impacted products
Vendor Product Version
cisco unified_ip_phone_6901_firmware *
cisco unified_ip_phone_6901 -
cisco unified_ip_phone_6961_firmware *
cisco unified_ip_phone_6961 -
cisco unified_ip_phone_6945_firmware *
cisco unified_ip_phone_6945 -
cisco unified_ip_phone_6941_firmware *
cisco unified_ip_phone_6941 -
cisco unified_ip_phone_6921_firmware *
cisco unified_ip_phone_6921 -
cisco unified_ip_phone_6911_firmware *
cisco unified_ip_phone_6911 -
cisco unified_ip_phone_7832_firmware *
cisco unified_ip_phone_7832 -
cisco unified_ip_phone_7861_firmware *
cisco unified_ip_phone_7861 -
cisco unified_ip_phone_7841_firmware *
cisco unified_ip_phone_7841 -
cisco unified_ip_phone_7821_firmware *
cisco unified_ip_phone_7821 -
cisco unified_ip_phone_7811_firmware *
cisco unified_ip_phone_7811 -
cisco unified_ip_phone_7937g_firmware *
cisco unified_ip_phone_7937g -
cisco unified_ip_phone_7975g_firmware *
cisco unified_ip_phone_7975g -
cisco unified_ip_phone_7965g_firmware *
cisco unified_ip_phone_7965g -
cisco unified_ip_phone_7962g_firmware *
cisco unified_ip_phone_7962g -
cisco unified_ip_phone_7961g_firmware *
cisco unified_ip_phone_7961g -
cisco unified_ip_phone_7960g_firmware *
cisco unified_ip_phone_7960g -
cisco unified_ip_phone_7945g_firmware *
cisco unified_ip_phone_7945g -
cisco unified_ip_phone_7942g_firmware *
cisco unified_ip_phone_7942g -
cisco unified_ip_phone_7941g_firmware *
cisco unified_ip_phone_7941g -
cisco unified_ip_phone_7940g_firmware *
cisco unified_ip_phone_7940g -
cisco unified_ip_phone_7931g_firmware *
cisco unified_ip_phone_7931g -
cisco unified_ip_phone_7911g_firmware *
cisco unified_ip_phone_7911g -
cisco unified_ip_phone_7906g_firmware *
cisco unified_ip_phone_7906g -
cisco unified_ip_phone_8811_firmware *
cisco unified_ip_phone_8811 -
cisco unified_ip_phone_8841_firmware *
cisco unified_ip_phone_8841 -
cisco unified_ip_phone_8845_firmware *
cisco unified_ip_phone_8845 -
cisco unified_ip_phone_8851_firmware *
cisco unified_ip_phone_8851 -
cisco unified_ip_phone_8851nr_firmware *
cisco unified_ip_phone_8851nr -
cisco unified_ip_phone_8861_firmware *
cisco unified_ip_phone_8861 -
cisco unified_ip_phone_8865_firmware *
cisco unified_ip_phone_8865 -
cisco unified_ip_phone_8865nr_firmware *
cisco unified_ip_phone_8865nr -
cisco unified_ip_phone_8961_firmware *
cisco unified_ip_phone_8961 -
cisco unified_ip_phone_8945_firmware *
cisco unified_ip_phone_8945 -
cisco unified_ip_phone_8941_firmware *
cisco unified_ip_phone_8941 -
cisco unified_ip_phone_9971_firmware *
cisco unified_ip_phone_9971 -
cisco unified_ip_phone_9951_firmware *
cisco unified_ip_phone_9951 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6901_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B5E567-41A0-4C9A-91A3-63EB5543F73F",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6901:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12C78A9E-35FA-4CC7-B51F-25133B3D6DA9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B0A706C-5D52-4FF9-A7D0-D81B8D44A7A0",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6961:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEDF755A-DFA2-4BCB-9A06-0A225B8F05B7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9303F605-1F5D-4740-BE11-0A1176A68E80",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6945:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B3B667E-9019-4A33-9BB0-D15560EC4145",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "455F7CDE-B0C9-44B7-AD55-EA03B287A9DF",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6941:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD4832E-16D3-4E26-B8ED-D32F5CB83180",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB7A8AC1-6EF0-4FDC-8C18-3118F3F53C8B",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6921:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B807519-7A91-4137-8B0D-0820C6299C13",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CEC48E7-E9D8-406D-963C-06F5F2209423",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6911:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F32CF4BC-40AD-4C9C-8787-2B7EAE2B3B5F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "552DA0C7-01D3-46E1-AC87-2CF41408EF0D",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C42D5D4-E5BF-4668-81F0-9D76552E0DCE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7861_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CAED4E4-23FA-4B15-8138-8B79392FC666",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "045E3CD2-AC00-4BA7-A0B0-94D9ACF1F6CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7841_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C60EC68-7A31-4CBB-BCC4-DD56299C6EEA",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CAEF25F-B028-487D-B396-C33D5246D188",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7821_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0921726-02A0-47D0-9E40-E1E3DD6D5A22",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7821:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "182E3741-46FC-47D3-B075-772E87C8F80C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7811_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1EFB1A0-ED54-4586-9A10-E27A936AE6B6",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6551539F-39C1-4CD6-92F3-FE330E92CC06",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7937g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7BECC3-B86D-4669-8463-DAE35D406B1B",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7937g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F69722C8-73F9-4989-817B-DF8F882676AD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7975g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6D10125-025C-42B5-93D9-5A4FA79290C3",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA879B6-04D6-402A-8F38-8A7CB34D76F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7965g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82C369BE-4A67-489B-9A26-AB00D4C4E409",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF30D1CC-D27F-49FF-9C63-BB890002D1C2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7962g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA428649-4098-4166-8ED3-4A1C707F00FB",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7962g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8424EA40-BAEE-4503-A826-003C478D07F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7961g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57152C53-3445-4CDD-9C3F-DB0067611DAB",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1B979DC-52B4-497E-9D7C-3D8F861E6E26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7960g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B10AA232-FF33-4062-977C-984D2E2CBF70",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7960g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DFA9051-62CB-4C7B-9C97-CD901DC778F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7945g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8A52F3-1D02-4D2F-A68D-276D065BD00B",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5980E646-CA07-4222-A9DD-A71306A4A678",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7942g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E24932D-8F8E-4991-858D-246D5CD594B7",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7942g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37232BAF-C3BD-45A3-B54F-3DA2E15F2FBD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7941g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A195E8-4210-4F4A-B742-1C943DF5D2AF",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7519FF0-672E-430F-980D-53D2A851C78C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7940g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34AC4FC0-1504-449C-86CC-1033D0BBD994",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7940g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84AEFB6F-3534-478A-97FF-C100A86A269E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7931g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2B814BA-710F-4E42-8EA0-F9B59B5E2A39",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7931g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D51724-CA7C-4F8E-9C02-408A96E32860",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7911g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2313E3-D3C9-4990-8657-05345C386759",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF164BA-91F9-434B-9837-1B6E600A91AF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7906g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EA3D2C-8327-4D0F-9AD8-3373AB3CCC53",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94B18568-30F5-40BF-96DB-589ED8D960F5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8811_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D8DA83E-9548-455E-BCFF-5238FB56BF48",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D96E5B04-7CFF-4DF9-A356-C015AD8F5536",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8841_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426BD5-25E2-43B6-9E6E-346F26E2AC1A",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80B68502-F042-4094-BECB-0C59C3C6D07F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8845_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33CD3FFF-1517-4EF7-AE38-F6DA836100AE",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8845:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF629B3C-0874-4BC9-97F3-28A5A7AC8917",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8851_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD08767-7F00-48E6-87A9-99FE9E2D96B9",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8851:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B37ABB-C273-47B1-B7B0-692280CC957B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8851nr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79C63F44-F1B6-47A3-900E-BA9B7A2EDAE3",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8851nr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B021B260-CD3C-4EA5-9A2C-FE80B4ACA787",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8861_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "118AE4A2-F0DB-4E0B-9998-A56711723D34",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB9129D-607E-4227-984E-F0FC2F9047ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27AFD285-F65F-4B09-97C1-082C953EFCB9",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B01FB146-FB66-4251-8025-F38C49FE9CAC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8865nr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8399BC8F-6DCD-4A61-9E1B-FFA636BAD4C2",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8865nr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB7D543-296F-44AE-9335-BF3244F21E55",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8961_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25923E46-A572-4731-9EAA-3A3B52D83FD3",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8961:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73338C3B-3AFA-4F64-B8C6-FDEBBBDCFD31",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8945_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02037FE7-B885-4C3D-9516-8C8D32D168B9",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8945:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "645668C0-1702-4EBE-AF4D-F73824AF4C41",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8941_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E58087-9ABF-4BF6-BCC9-F7904593A5D6",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8941:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE80CCF2-84B6-409D-BED3-D1C3D8807D5F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_9971_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "486E6F8D-3563-42DF-86FA-34200B14FB2F",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBF7ABE8-03D3-4ACA-834A-89D37D5EBFB2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_9951_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C416A15-52CB-4850-8C5B-E3E9C9087FB3",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B483E7-0B8D-480B-94B9-93F00AE91B4B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad Web Access de Cisco IP Phones Series 7800 y Series 8800, podr\u00eda permitir a un atacante remoto no autenticado visualizar informaci\u00f3n confidencial sobre un dispositivo afectado. La vulnerabilidad es debido a controles de acceso inapropiados en la interfaz de administraci\u00f3n basada en web de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de solicitudes maliciosas al dispositivo, lo que podr\u00eda permitirle omitir las restricciones de acceso. Un ataque con \u00e9xito podr\u00eda permitir al atacante visualizar informaci\u00f3n confidencial, incluyendo los registros de llamadas del dispositivo que contienen nombres, nombres de usuario y n\u00fameros de tel\u00e9fono de los usuarios del dispositivo"
    }
  ],
  "id": "CVE-2020-3360",
  "lastModified": "2024-11-21T05:30:52.567",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-18T03:15:14.403",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2020-3360
Vulnerability from cvelistv5
Published
2020-06-18 02:17
Modified
2024-11-15 17:05
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExMvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:58.207Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3360",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:21:10.982053Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:05:37.576Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Phone 8800 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-18T02:17:03",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
        }
      ],
      "source": {
        "advisory": "cisco-sa-phone-logs-2O7f7ExM",
        "defect": [
          [
            "CSCvt23310",
            "CSCvt27636",
            "CSCvt27637",
            "CSCvt27645"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-17T16:00:00",
          "ID": "CVE-2020-3360",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IP Phone 8800 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-phone-logs-2O7f7ExM",
          "defect": [
            [
              "CSCvt23310",
              "CSCvt27636",
              "CSCvt27637",
              "CSCvt27645"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3360",
    "datePublished": "2020-06-18T02:17:03.642062Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:05:37.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-4444
Vulnerability from cvelistv5
Published
2009-01-16 21:00
Modified
2024-08-07 10:17
Severity ?
Summary
Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/47948vdb-entry, x_refsource_XF
http://securityreason.com/securityalert/4917third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/bid/33264vdb-entry, x_refsource_BID
http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.htmlx_refsource_CONFIRM
http://www.securityfocus.com/archive/1/500059/100/0/threadedmailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:17:09.794Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-unifiedipphone-rtp-dos(47948)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47948"
          },
          {
            "name": "4917",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4917"
          },
          {
            "name": "33264",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33264"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.html"
          },
          {
            "name": "20090114 Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/500059/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "cisco-unifiedipphone-rtp-dos(47948)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47948"
        },
        {
          "name": "4917",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4917"
        },
        {
          "name": "33264",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33264"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.html"
        },
        {
          "name": "20090114 Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/500059/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4444",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware P0S3-08-9-00 and possibly other versions before 8.10 allows remote attackers to cause a denial of service (device reboot) or possibly execute arbitrary code via a Realtime Transport Protocol (RTP) packet with malformed headers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "cisco-unifiedipphone-rtp-dos(47948)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47948"
            },
            {
              "name": "4917",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4917"
            },
            {
              "name": "33264",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33264"
            },
            {
              "name": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.html",
              "refsource": "CONFIRM",
              "url": "http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/firmware/sip/8_10/english/release/notes/796040sip_810.html"
            },
            {
              "name": "20090114 Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/500059/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4444",
    "datePublished": "2009-01-16T21:00:00",
    "dateReserved": "2008-10-03T00:00:00",
    "dateUpdated": "2024-08-07T10:17:09.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-0332
Vulnerability from cvelistv5
Published
2018-06-07 21:00
Modified
2024-11-29 15:05
Severity ?
Summary
A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945.
References
http://www.securityfocus.com/bid/104445vdb-entry, x_refsource_BID
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dosx_refsource_CONFIRM
http://www.securitytracker.com/id/1041074vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104445",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104445"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos"
          },
          {
            "name": "1041074",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041074"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0332",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:43:46.497266Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:05:00.083Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Unified IP Phone Software unknown",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Unified IP Phone Software unknown"
            }
          ]
        }
      ],
      "datePublic": "2018-06-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-399",
              "description": "CWE-399",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-14T09:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "104445",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104445"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos"
        },
        {
          "name": "1041074",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041074"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0332",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Unified IP Phone Software unknown",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Unified IP Phone Software unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Session Initiation Protocol (SIP) ingress packet processing of Cisco Unified IP Phone software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms in the software. An attacker could exploit this vulnerability by sending high volumes of SIP INVITE traffic to the targeted device. Successful exploitation could allow the attacker to cause a disruption of services on the targeted IP phone. Cisco Bug IDs: CSCve10064, CSCve14617, CSCve14638, CSCve14683, CSCve20812, CSCve20926, CSCve20945."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104445",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104445"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ip-phone-dos"
            },
            {
              "name": "1041074",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041074"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0332",
    "datePublished": "2018-06-07T21:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-11-29T15:05:00.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}