All the vulnerabilites related to cisco - unified_ip_phone_7945g_firmware
cve-2022-20660
Vulnerability from cvelistv5
Published
2022-01-14 05:01
Modified
2024-11-06 16:33
Severity ?
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxAvendor-advisory, x_refsource_CISCO
http://seclists.org/fulldisclosure/2022/Jan/34mailing-list, x_refsource_FULLDISC
http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:17:53.070Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220113 Cisco IP Phones Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA"
          },
          {
            "name": "20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Jan/34"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20660",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T15:59:21.438909Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T16:33:25.971Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Session Initiation Protocol (SIP) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-01-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-312",
              "description": "CWE-312",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-17T19:06:13",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220113 Cisco IP Phones Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA"
        },
        {
          "name": "20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Jan/34"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ip-phone-info-disc-fRdJfOxA",
        "defect": [
          [
            "CSCvy39035",
            "CSCvy39054",
            "CSCvy39055",
            "CSCvy39057",
            "CSCvy39058",
            "CSCvy39059"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IP Phones Information Disclosure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2022-01-13T00:00:00",
          "ID": "CVE-2022-20660",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IP Phones Information Disclosure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Session Initiation Protocol (SIP) Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "4.6",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-312"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220113 Cisco IP Phones Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA"
            },
            {
              "name": "20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2022/Jan/34"
            },
            {
              "name": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-ip-phone-info-disc-fRdJfOxA",
          "defect": [
            [
              "CSCvy39035",
              "CSCvy39054",
              "CSCvy39055",
              "CSCvy39057",
              "CSCvy39058",
              "CSCvy39059"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20660",
    "datePublished": "2022-01-14T05:01:29.253864Z",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-11-06T16:33:25.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-20079
Vulnerability from cvelistv5
Published
2023-03-03 00:00
Modified
2024-10-28 16:33
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcPvendor-advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:35.877Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20230302 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-20079",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-28T16:27:14.331307Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-28T16:33:33.489Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Phones with Multiplatform Firmware ",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2023-03-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-03T00:00:00",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20230302 Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ip-phone-cmd-inj-KMFynVcP",
        "defect": [
          [
            "CSCwc78400",
            "CSCwd39132",
            "CSCwd40474",
            "CSCwd40489",
            "CSCwd40494"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20079",
    "datePublished": "2023-03-03T00:00:00",
    "dateReserved": "2022-10-27T00:00:00",
    "dateUpdated": "2024-10-28T16:33:33.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-3360
Vulnerability from cvelistv5
Published
2020-06-18 02:17
Modified
2024-11-15 17:05
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExMvendor-advisory, x_refsource_CISCO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:30:58.207Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3360",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:21:10.982053Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:05:37.576Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Phone 8800 Series Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-06-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-18T02:17:03",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
        }
      ],
      "source": {
        "advisory": "cisco-sa-phone-logs-2O7f7ExM",
        "defect": [
          [
            "CSCvt23310",
            "CSCvt27636",
            "CSCvt27637",
            "CSCvt27645"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-06-17T16:00:00",
          "ID": "CVE-2020-3360",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IP Phone 8800 Series Software",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-phone-logs-2O7f7ExM",
          "defect": [
            [
              "CSCvt23310",
              "CSCvt27636",
              "CSCvt27637",
              "CSCvt27645"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3360",
    "datePublished": "2020-06-18T02:17:03.642062Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:05:37.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2023-03-03 16:15
Modified
2024-11-21 07:40
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
References
ykramarz@cisco.comhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcPVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcPVendor Advisory
Impacted products
Vendor Product Version
cisco ip_phone_6871_firmware *
cisco ip_phone_6871 -
cisco ip_phone_6861_firmware *
cisco ip_phone_6861 -
cisco ip_phone_6851_firmware *
cisco ip_phone_6851 -
cisco ip_phone_6841_firmware *
cisco ip_phone_6841 -
cisco ip_phone_6825_firmware *
cisco ip_phone_6825 -
cisco ip_phone_7861_firmware *
cisco ip_phone_7861 -
cisco ip_phone_7841_firmware *
cisco ip_phone_7841 -
cisco ip_phone_7832_firmware *
cisco ip_phone_7832 -
cisco ip_phone_7821_firmware *
cisco ip_phone_7821 -
cisco ip_phone_7811_firmware *
cisco ip_phone_7811 -
cisco ip_phone_8865_firmware *
cisco ip_phone_8865 -
cisco ip_phone_8861_firmware *
cisco ip_phone_8861 -
cisco ip_phone_8851_firmware *
cisco ip_phone_8851 -
cisco ip_phone_8845_firmware *
cisco ip_phone_8845 -
cisco ip_phone_8841_firmware *
cisco ip_phone_8841 -
cisco ip_phone_8832_firmware *
cisco ip_phone_8832 -
cisco ip_phone_8811_firmware *
cisco ip_phone_8811 -
cisco ip_phone_8831_firmware *
cisco ip_phone_8831 -
cisco unified_ip_phone_7945g_firmware *
cisco unified_ip_phone_7945g -
cisco unified_ip_phone_7965g_firmware *
cisco unified_ip_phone_7965g -
cisco unified_ip_phone_7975g_firmware *
cisco unified_ip_phone_7975g -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_6871_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB46C93-0E51-42F3-8F94-40042A5CBF46",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "864B486C-71F6-4EFD-8F04-BA7FC18DFD5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AD2F635-094B-4883-BF55-B85B16AD773F",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C05A7CA6-AD58-45D7-AF32-129E22855D8E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_6851_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "39BA7B78-4934-404F-B4DF-6C936460E05E",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5809CA01-CF32-4E3A-A771-01D5065F0061",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_6841_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "470A77FC-6DD6-44B8-B332-79844AE06BB2",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE4960B1-22B4-4B3D-955E-684DA520A1A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_6825_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CB8846B-6B42-49AF-BFC9-85CF89CA4E56",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_6825:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E07D81AF-3DF8-4EE4-AE4E-FB875BE14BB4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F675EDC-3F39-4BDA-B6BD-2A0C1075D1D8",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D9466BE-960D-41DD-A137-ABE2C3F6D4B4",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D27EA4CE-9BA5-42B8-B1CE-5710A6207CC2",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32D8B3FD-3157-49D3-A4BA-D4FAAB1B6D4C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4550A390-A8D8-4857-8C66-EC6B1F8E322E",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D975C4C2-9567-4F5C-BE6A-137AE321F9F0",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8BD1967-D870-4E21-BF1C-D712809077EB",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB956C5-4165-4C00-BC5C-F4D4C6270070",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83E1D601-371E-4F90-B6F7-8A6B91C949AB",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C4C70C3-D9D7-468C-B522-666EF6C01D20",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7609CA0-F9E8-47AB-A621-212DC124018E",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D936075-78C7-4E1E-A2B1-1EB8B668E3F2",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5EA5C6B-243B-419A-9C60-1CDBD039C1D8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2691AABE-6E0A-422B-88B9-89E63D1436F3",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8831_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6579DD70-1AC9-42FC-9464-90523A7008E7",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8831:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF13D70B-1F27-4B3F-83FD-EF9688F1D123",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7945g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E49D5D04-A5B9-461D-94A3-15676DD90CD6",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5980E646-CA07-4222-A9DD-A71306A4A678",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7965g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0587084E-0B87-46D3-A5D8-3FD7EBC826E1",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF30D1CC-D27F-49FF-9C63-BB890002D1C2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7975g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C77D2870-D2C9-40D7-8877-F9E9AD4E1DF8",
              "versionEndExcluding": "11.3.7sr1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA879B6-04D6-402A-8F38-8A7CB34D76F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory."
    }
  ],
  "id": "CVE-2023-20079",
  "lastModified": "2024-11-21T07:40:30.230",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-03-03T16:15:10.380",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-121"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-01-14 05:15
Modified
2024-11-21 06:43
Severity ?
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.6 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.
References
ykramarz@cisco.comhttp://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.htmlExploit, Third Party Advisory, VDB Entry
ykramarz@cisco.comhttp://seclists.org/fulldisclosure/2022/Jan/34Mailing List, Third Party Advisory
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxAVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Jan/34Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxAVendor Advisory
Impacted products
Vendor Product Version
cisco ip_conference_phone_7832_firmware *
cisco ip_conference_phone_7832 -
cisco ip_conference_phone_8832_firmware *
cisco ip_conference_phone_8832 -
cisco ip_phone_7811_firmware *
cisco ip_phone_7811 -
cisco ip_phone_7821_firmware *
cisco ip_phone_7821 -
cisco ip_phone_7841_firmware *
cisco ip_phone_7841 -
cisco ip_phone_7861_firmware *
cisco ip_phone_7861 -
cisco ip_phone_8811_firmware *
cisco ip_phone_8811 -
cisco ip_phone_8841_firmware *
cisco ip_phone_8841 -
cisco ip_phone_8845_firmware *
cisco ip_phone_8845 -
cisco ip_phone_8851_firmware *
cisco ip_phone_8851 -
cisco ip_phone_8861_firmware *
cisco ip_phone_8861 -
cisco ip_phone_8865_firmware *
cisco ip_phone_8865 -
cisco unified_ip_conference_phone_8831_firmware -
cisco unified_ip_conference_phone_8831 -
cisco unified_ip_conference_phone_8831_for_third-party_call_control_firmware -
cisco unified_ip_conference_phone_8831_for_third-party_call_control -
cisco unified_ip_phone_7945g_firmware -
cisco unified_ip_phone_7945g -
cisco unified_ip_phone_7965g_firmware -
cisco unified_ip_phone_7965g -
cisco unified_ip_phone_7975g_firmware -
cisco unified_ip_phone_7975g -
cisco unified_sip_phone_3905_firmware *
cisco unified_sip_phone_3905 -
cisco wireless_ip_phone_8821_firmware *
cisco wireless_ip_phone_8821 -
cisco wireless_ip_phone_8821-ex_firmware *
cisco wireless_ip_phone_8821-ex -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E42261E2-07EC-416E-A65C-7D85584DED32",
              "versionEndExcluding": "14.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6592E7FE-346E-4923-97C2-F5298DC802A3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B9BC28D-0BC0-45CB-A87B-59F407F3A210",
              "versionEndExcluding": "14.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1010D16-DC6E-47A6-8BF9-C1026D975E3D",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "38F67250-E4D0-48BE-928E-EF1BB4005940",
              "versionEndExcluding": "14.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD40B5EB-D356-42D4-9464-67D0481460A9",
              "versionEndExcluding": "14.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "67895EA8-C707-4228-A8A2-4654E2B912CA",
              "versionEndExcluding": "14.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83ED1C8-1655-46EC-B1F5-4BD1D519057D",
              "versionEndExcluding": "14.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41F875DA-AF0C-49CE-8BC5-DD1E0702FACF",
              "versionEndExcluding": "14.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFACDCE6-95B3-45A7-86D3-18F3A78D5AF7",
              "versionEndExcluding": "14.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "280BC438-AF6B-464B-A283-CE183C06E13B",
              "versionEndExcluding": "14.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E92C6B-5BA7-4C5F-B262-AE20F3951923",
              "versionEndExcluding": "14.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E3B94C-BA7B-481A-AF4D-2FCF5E81D7B6",
              "versionEndExcluding": "14.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A7F857-A3D7-43DA-8E94-FDA0EE542C39",
              "versionEndExcluding": "14.1\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22846195-008E-4D1B-A0C3-3364B141EC5F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_conference_phone_8831:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "660475FD-8475-4968-9ED2-D83461B9A5D4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_conference_phone_8831_for_third-party_call_control_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5699693-DBEC-429F-B67E-0B1625818FAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_conference_phone_8831_for_third-party_call_control:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7AA843-E37E-42A0-BD4C-9710BDD50D9B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7945g_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "361613B3-A977-4E2A-8D41-EDE85F1D9623",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5980E646-CA07-4222-A9DD-A71306A4A678",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7965g_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F52E0123-63EF-40FB-85B7-2C2838CBF3BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF30D1CC-D27F-49FF-9C63-BB890002D1C2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7975g_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "415AE68B-E623-4B95-89CA-1F3C2C96A33C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA879B6-04D6-402A-8F38-8A7CB34D76F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_sip_phone_3905_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1B36FBC-7879-4AE5-8D28-2A5BE8C88356",
              "versionEndExcluding": "9.4\\(1\\)sr5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_sip_phone_3905:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "14E1313A-F2D4-4F40-BC50-2D1BA2BBB4C7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "59A19DB2-1E3A-40AC-B265-878E9B568E8C",
              "versionEndExcluding": "11.0\\(6\\)sr2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F97DF354-7690-417E-B223-72C8BDA36DA7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:wireless_ip_phone_8821-ex_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "039BF626-1168-44E3-90E4-0C2BE311FA3E",
              "versionEndExcluding": "11.0\\(6\\)sr2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:wireless_ip_phone_8821-ex:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "26CAE4C7-EADB-41A9-BE48-1A4F3D8D3D7A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la arquitectura de almacenamiento de informaci\u00f3n de varios modelos de tel\u00e9fonos IP de Cisco podr\u00eda permitir a un atacante f\u00edsico no autenticado obtener informaci\u00f3n confidencial de un dispositivo afectado. Esta vulnerabilidad es debido al almacenamiento no cifrado de informaci\u00f3n confidencial en un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad al extraer f\u00edsicamente y acceder a uno de los chips de memoria flash. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante obtener informaci\u00f3n confidencial del dispositivo, que podr\u00eda ser usada para ataques posteriores"
    }
  ],
  "id": "CVE-2022-20660",
  "lastModified": "2024-11-21T06:43:15.693",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-14T05:15:11.083",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Jan/34"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Jan/34"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-312"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-18 03:15
Modified
2024-11-21 05:30
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
References
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExMVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExMVendor Advisory
Impacted products
Vendor Product Version
cisco unified_ip_phone_6901_firmware *
cisco unified_ip_phone_6901 -
cisco unified_ip_phone_6961_firmware *
cisco unified_ip_phone_6961 -
cisco unified_ip_phone_6945_firmware *
cisco unified_ip_phone_6945 -
cisco unified_ip_phone_6941_firmware *
cisco unified_ip_phone_6941 -
cisco unified_ip_phone_6921_firmware *
cisco unified_ip_phone_6921 -
cisco unified_ip_phone_6911_firmware *
cisco unified_ip_phone_6911 -
cisco unified_ip_phone_7832_firmware *
cisco unified_ip_phone_7832 -
cisco unified_ip_phone_7861_firmware *
cisco unified_ip_phone_7861 -
cisco unified_ip_phone_7841_firmware *
cisco unified_ip_phone_7841 -
cisco unified_ip_phone_7821_firmware *
cisco unified_ip_phone_7821 -
cisco unified_ip_phone_7811_firmware *
cisco unified_ip_phone_7811 -
cisco unified_ip_phone_7937g_firmware *
cisco unified_ip_phone_7937g -
cisco unified_ip_phone_7975g_firmware *
cisco unified_ip_phone_7975g -
cisco unified_ip_phone_7965g_firmware *
cisco unified_ip_phone_7965g -
cisco unified_ip_phone_7962g_firmware *
cisco unified_ip_phone_7962g -
cisco unified_ip_phone_7961g_firmware *
cisco unified_ip_phone_7961g -
cisco unified_ip_phone_7960g_firmware *
cisco unified_ip_phone_7960g -
cisco unified_ip_phone_7945g_firmware *
cisco unified_ip_phone_7945g -
cisco unified_ip_phone_7942g_firmware *
cisco unified_ip_phone_7942g -
cisco unified_ip_phone_7941g_firmware *
cisco unified_ip_phone_7941g -
cisco unified_ip_phone_7940g_firmware *
cisco unified_ip_phone_7940g -
cisco unified_ip_phone_7931g_firmware *
cisco unified_ip_phone_7931g -
cisco unified_ip_phone_7911g_firmware *
cisco unified_ip_phone_7911g -
cisco unified_ip_phone_7906g_firmware *
cisco unified_ip_phone_7906g -
cisco unified_ip_phone_8811_firmware *
cisco unified_ip_phone_8811 -
cisco unified_ip_phone_8841_firmware *
cisco unified_ip_phone_8841 -
cisco unified_ip_phone_8845_firmware *
cisco unified_ip_phone_8845 -
cisco unified_ip_phone_8851_firmware *
cisco unified_ip_phone_8851 -
cisco unified_ip_phone_8851nr_firmware *
cisco unified_ip_phone_8851nr -
cisco unified_ip_phone_8861_firmware *
cisco unified_ip_phone_8861 -
cisco unified_ip_phone_8865_firmware *
cisco unified_ip_phone_8865 -
cisco unified_ip_phone_8865nr_firmware *
cisco unified_ip_phone_8865nr -
cisco unified_ip_phone_8961_firmware *
cisco unified_ip_phone_8961 -
cisco unified_ip_phone_8945_firmware *
cisco unified_ip_phone_8945 -
cisco unified_ip_phone_8941_firmware *
cisco unified_ip_phone_8941 -
cisco unified_ip_phone_9971_firmware *
cisco unified_ip_phone_9971 -
cisco unified_ip_phone_9951_firmware *
cisco unified_ip_phone_9951 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6901_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9B5E567-41A0-4C9A-91A3-63EB5543F73F",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6901:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12C78A9E-35FA-4CC7-B51F-25133B3D6DA9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B0A706C-5D52-4FF9-A7D0-D81B8D44A7A0",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6961:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEDF755A-DFA2-4BCB-9A06-0A225B8F05B7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9303F605-1F5D-4740-BE11-0A1176A68E80",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6945:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B3B667E-9019-4A33-9BB0-D15560EC4145",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "455F7CDE-B0C9-44B7-AD55-EA03B287A9DF",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6941:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAD4832E-16D3-4E26-B8ED-D32F5CB83180",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB7A8AC1-6EF0-4FDC-8C18-3118F3F53C8B",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6921:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B807519-7A91-4137-8B0D-0820C6299C13",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CEC48E7-E9D8-406D-963C-06F5F2209423",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6911:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F32CF4BC-40AD-4C9C-8787-2B7EAE2B3B5F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7832_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "552DA0C7-01D3-46E1-AC87-2CF41408EF0D",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C42D5D4-E5BF-4668-81F0-9D76552E0DCE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7861_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CAED4E4-23FA-4B15-8138-8B79392FC666",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "045E3CD2-AC00-4BA7-A0B0-94D9ACF1F6CF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7841_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C60EC68-7A31-4CBB-BCC4-DD56299C6EEA",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CAEF25F-B028-487D-B396-C33D5246D188",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7821_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0921726-02A0-47D0-9E40-E1E3DD6D5A22",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7821:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "182E3741-46FC-47D3-B075-772E87C8F80C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7811_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1EFB1A0-ED54-4586-9A10-E27A936AE6B6",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6551539F-39C1-4CD6-92F3-FE330E92CC06",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7937g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7BECC3-B86D-4669-8463-DAE35D406B1B",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7937g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F69722C8-73F9-4989-817B-DF8F882676AD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7975g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6D10125-025C-42B5-93D9-5A4FA79290C3",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA879B6-04D6-402A-8F38-8A7CB34D76F4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7965g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82C369BE-4A67-489B-9A26-AB00D4C4E409",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF30D1CC-D27F-49FF-9C63-BB890002D1C2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7962g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA428649-4098-4166-8ED3-4A1C707F00FB",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7962g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8424EA40-BAEE-4503-A826-003C478D07F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7961g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57152C53-3445-4CDD-9C3F-DB0067611DAB",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1B979DC-52B4-497E-9D7C-3D8F861E6E26",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7960g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B10AA232-FF33-4062-977C-984D2E2CBF70",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7960g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DFA9051-62CB-4C7B-9C97-CD901DC778F0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7945g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D8A52F3-1D02-4D2F-A68D-276D065BD00B",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5980E646-CA07-4222-A9DD-A71306A4A678",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7942g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E24932D-8F8E-4991-858D-246D5CD594B7",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7942g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37232BAF-C3BD-45A3-B54F-3DA2E15F2FBD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7941g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79A195E8-4210-4F4A-B742-1C943DF5D2AF",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7519FF0-672E-430F-980D-53D2A851C78C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7940g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34AC4FC0-1504-449C-86CC-1033D0BBD994",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7940g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84AEFB6F-3534-478A-97FF-C100A86A269E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7931g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2B814BA-710F-4E42-8EA0-F9B59B5E2A39",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7931g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0D51724-CA7C-4F8E-9C02-408A96E32860",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7911g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB2313E3-D3C9-4990-8657-05345C386759",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF164BA-91F9-434B-9837-1B6E600A91AF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7906g_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7EA3D2C-8327-4D0F-9AD8-3373AB3CCC53",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "94B18568-30F5-40BF-96DB-589ED8D960F5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8811_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D8DA83E-9548-455E-BCFF-5238FB56BF48",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D96E5B04-7CFF-4DF9-A356-C015AD8F5536",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8841_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "15426BD5-25E2-43B6-9E6E-346F26E2AC1A",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80B68502-F042-4094-BECB-0C59C3C6D07F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8845_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33CD3FFF-1517-4EF7-AE38-F6DA836100AE",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8845:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF629B3C-0874-4BC9-97F3-28A5A7AC8917",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8851_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD08767-7F00-48E6-87A9-99FE9E2D96B9",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8851:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B37ABB-C273-47B1-B7B0-692280CC957B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8851nr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "79C63F44-F1B6-47A3-900E-BA9B7A2EDAE3",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8851nr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B021B260-CD3C-4EA5-9A2C-FE80B4ACA787",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8861_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "118AE4A2-F0DB-4E0B-9998-A56711723D34",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB9129D-607E-4227-984E-F0FC2F9047ED",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8865_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27AFD285-F65F-4B09-97C1-082C953EFCB9",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B01FB146-FB66-4251-8025-F38C49FE9CAC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8865nr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8399BC8F-6DCD-4A61-9E1B-FFA636BAD4C2",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8865nr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB7D543-296F-44AE-9335-BF3244F21E55",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8961_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25923E46-A572-4731-9EAA-3A3B52D83FD3",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8961:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73338C3B-3AFA-4F64-B8C6-FDEBBBDCFD31",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8945_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02037FE7-B885-4C3D-9516-8C8D32D168B9",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8945:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "645668C0-1702-4EBE-AF4D-F73824AF4C41",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8941_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89E58087-9ABF-4BF6-BCC9-F7904593A5D6",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8941:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE80CCF2-84B6-409D-BED3-D1C3D8807D5F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_9971_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "486E6F8D-3563-42DF-86FA-34200B14FB2F",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBF7ABE8-03D3-4ACA-834A-89D37D5EBFB2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phone_9951_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C416A15-52CB-4850-8C5B-E3E9C9087FB3",
              "versionEndIncluding": "12.8\\(1\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0B483E7-0B8D-480B-94B9-93F00AE91B4B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la funcionalidad Web Access de Cisco IP Phones Series 7800 y Series 8800, podr\u00eda permitir a un atacante remoto no autenticado visualizar informaci\u00f3n confidencial sobre un dispositivo afectado. La vulnerabilidad es debido a controles de acceso inapropiados en la interfaz de administraci\u00f3n basada en web de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de solicitudes maliciosas al dispositivo, lo que podr\u00eda permitirle omitir las restricciones de acceso. Un ataque con \u00e9xito podr\u00eda permitir al atacante visualizar informaci\u00f3n confidencial, incluyendo los registros de llamadas del dispositivo que contienen nombres, nombres de usuario y n\u00fameros de tel\u00e9fono de los usuarios del dispositivo"
    }
  ],
  "id": "CVE-2020-3360",
  "lastModified": "2024-11-21T05:30:52.567",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "ykramarz@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-18T03:15:14.403",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "ykramarz@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}