All the vulnerabilites related to cisco - unified_ip_phone_8941
cve-2020-3360
Vulnerability from cvelistv5
Published
2020-06-18 02:17
Modified
2024-11-15 17:05
Severity ?
EPSS score ?
Summary
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco IP Phone 8800 Series Software |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T07:30:58.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2020-3360", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-15T16:21:10.982053Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-15T17:05:37.576Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IP Phone 8800 Series Software", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-06-17T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device." } ], "exploits": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-06-18T02:17:03", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM" } ], "source": { "advisory": "cisco-sa-phone-logs-2O7f7ExM", "defect": [ [ "CSCvt23310", "CSCvt27636", "CSCvt27637", "CSCvt27645" ] ], "discovery": "INTERNAL" }, "title": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-06-17T16:00:00", "ID": "CVE-2020-3360", "STATE": "PUBLIC", "TITLE": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco IP Phone 8800 Series Software", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "5.3", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200" } ] } ] }, "references": { "reference_data": [ { "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM" } ] }, "source": { "advisory": "cisco-sa-phone-logs-2O7f7ExM", "defect": [ [ "CSCvt23310", "CSCvt27636", "CSCvt27637", "CSCvt27645" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3360", "datePublished": "2020-06-18T02:17:03.642062Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-11-15T17:05:37.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-20817
Vulnerability from cvelistv5
Published
2022-06-15 17:55
Modified
2024-11-01 19:02
Severity ?
EPSS score ?
Summary
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4 | vendor-advisory, x_refsource_CISCO |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Cisco | Cisco IP Phones with Multiplatform Firmware |
Version: n/a |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T02:24:49.918Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20220615 Cisco IP Phone Duplicate Key Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-20817", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-01T18:42:50.391033Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-01T19:02:31.240Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Cisco IP Phones with Multiplatform Firmware", "vendor": "Cisco", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2022-06-15T00:00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user\u0027s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user\u0027s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability." } ], "exploits": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-338", "description": "CWE-338", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-06-15T17:55:32", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco" }, "references": [ { "name": "20220615 Cisco IP Phone Duplicate Key Vulnerability", "tags": [ "vendor-advisory", "x_refsource_CISCO" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4" } ], "source": { "advisory": "cisco-sa-cp6901-dup-cert-82jdJGe4", "defect": [ [ "CSCvz07149" ] ], "discovery": "INTERNAL" }, "title": "Cisco IP Phone Duplicate Key Vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2022-06-15T23:00:00", "ID": "CVE-2022-20817", "STATE": "PUBLIC", "TITLE": "Cisco IP Phone Duplicate Key Vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Cisco IP Phones with Multiplatform Firmware", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "Cisco" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user\u0027s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user\u0027s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability." } ] }, "exploit": [ { "lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory." } ], "impact": { "cvss": { "baseScore": "7.4", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-338" } ] } ] }, "references": { "reference_data": [ { "name": "20220615 Cisco IP Phone Duplicate Key Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4" } ] }, "source": { "advisory": "cisco-sa-cp6901-dup-cert-82jdJGe4", "defect": [ [ "CSCvz07149" ] ], "discovery": "INTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2022-20817", "datePublished": "2022-06-15T17:55:32.726275Z", "dateReserved": "2021-11-02T00:00:00", "dateUpdated": "2024-11-01T19:02:31.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2022-06-15 18:15
Modified
2024-11-21 06:43
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "33DC1B73-7716-4C33-B708-DB70C91D4EFF", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6911:-:*:*:*:*:*:*:*", "matchCriteriaId": "F32CF4BC-40AD-4C9C-8787-2B7EAE2B3B5F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF807E93-45B9-4197-A475-81FD8BB84360", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6921:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B807519-7A91-4137-8B0D-0820C6299C13", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "538BDFFF-1F29-4612-9415-9ABE0DF61B3B", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6941:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAD4832E-16D3-4E26-B8ED-D32F5CB83180", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "73C85716-FF1C-4DDF-BA4B-8F082C0F41EB", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6945:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B3B667E-9019-4A33-9BB0-D15560EC4145", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE612EC5-04F4-48C7-9491-513DE4752304", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6961:-:*:*:*:*:*:*:*", "matchCriteriaId": "BEDF755A-DFA2-4BCB-9A06-0A225B8F05B7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8941_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2CADFBC-152A-4360-8A3B-74AC7D7C6AE4", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8941:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE80CCF2-84B6-409D-BED3-D1C3D8807D5F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8945_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F2811EB8-047B-4B6B-AEE2-90B175829D18", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8945:-:*:*:*:*:*:*:*", "matchCriteriaId": "645668C0-1702-4EBE-AF4D-F73824AF4C41", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8961_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE399426-F090-4E49-9B8D-F5626ED8DD0A", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8961:-:*:*:*:*:*:*:*", "matchCriteriaId": "73338C3B-3AFA-4F64-B8C6-FDEBBBDCFD31", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_9951_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "63DB2B9A-C131-4FA1-BFE3-E2879A8C945D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B483E7-0B8D-480B-94B9-93F00AE91B4B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_9971_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "667CCF0A-0D40-4000-9DD5-FE506F0BC725", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7ABE8-03D3-4ACA-834A-89D37D5EBFB2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:ata_187_analog_telephone_adapter_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED8E935A-C400-45D0-85C1-7C75769E2AA5", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:ata_187_analog_telephone_adapter:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA0CD943-831E-49B6-8BA9-EA21972ACEBA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user\u0027s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user\u0027s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability." }, { "lang": "es", "value": "Una vulnerabilidad en los tel\u00e9fonos IP de Cisco Unified podr\u00eda permitir a un atacante remoto no autenticado hacerse pasar por el tel\u00e9fono de otro usuario si Cisco Unified Communications Manager (CUCM) est\u00e1 en modo seguro. Esta vulnerabilidad es debido a la generaci\u00f3n inapropiada de claves durante el proceso de fabricaci\u00f3n que podr\u00eda resultar en claves fabricadas duplicadas instaladas en varios dispositivos. Un atacante podr\u00eda aprovechar esta vulnerabilidad al llevar a cabo un ataque de m\u00e1quina en el medio en la comunicaci\u00f3n segura entre el tel\u00e9fono y el CUCM. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante hacerse pasar por el tel\u00e9fono de otro usuario. Esta vulnerabilidad no puede abordarse con actualizaciones de software. Se presenta una mitigaci\u00f3n que aborda esta vulnerabilidad" } ], "id": "CVE-2022-20817", "lastModified": "2024-11-21T06:43:36.787", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "ykramarz@cisco.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-06-15T18:15:08.997", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-338" } ], "source": "ykramarz@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-338" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-18 03:15
Modified
2024-11-21 05:30
Severity ?
Summary
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6901_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9B5E567-41A0-4C9A-91A3-63EB5543F73F", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6901:-:*:*:*:*:*:*:*", "matchCriteriaId": "12C78A9E-35FA-4CC7-B51F-25133B3D6DA9", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B0A706C-5D52-4FF9-A7D0-D81B8D44A7A0", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6961:-:*:*:*:*:*:*:*", "matchCriteriaId": "BEDF755A-DFA2-4BCB-9A06-0A225B8F05B7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9303F605-1F5D-4740-BE11-0A1176A68E80", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6945:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B3B667E-9019-4A33-9BB0-D15560EC4145", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "455F7CDE-B0C9-44B7-AD55-EA03B287A9DF", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6941:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAD4832E-16D3-4E26-B8ED-D32F5CB83180", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB7A8AC1-6EF0-4FDC-8C18-3118F3F53C8B", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6921:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B807519-7A91-4137-8B0D-0820C6299C13", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CEC48E7-E9D8-406D-963C-06F5F2209423", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_6911:-:*:*:*:*:*:*:*", "matchCriteriaId": "F32CF4BC-40AD-4C9C-8787-2B7EAE2B3B5F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7832_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "552DA0C7-01D3-46E1-AC87-2CF41408EF0D", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7832:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C42D5D4-E5BF-4668-81F0-9D76552E0DCE", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7861_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CAED4E4-23FA-4B15-8138-8B79392FC666", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7861:-:*:*:*:*:*:*:*", "matchCriteriaId": "045E3CD2-AC00-4BA7-A0B0-94D9ACF1F6CF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7841_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C60EC68-7A31-4CBB-BCC4-DD56299C6EEA", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7841:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CAEF25F-B028-487D-B396-C33D5246D188", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7821_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0921726-02A0-47D0-9E40-E1E3DD6D5A22", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7821:-:*:*:*:*:*:*:*", "matchCriteriaId": "182E3741-46FC-47D3-B075-772E87C8F80C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7811_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1EFB1A0-ED54-4586-9A10-E27A936AE6B6", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7811:-:*:*:*:*:*:*:*", "matchCriteriaId": "6551539F-39C1-4CD6-92F3-FE330E92CC06", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7937g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE7BECC3-B86D-4669-8463-DAE35D406B1B", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7937g:-:*:*:*:*:*:*:*", "matchCriteriaId": "F69722C8-73F9-4989-817B-DF8F882676AD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7975g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6D10125-025C-42B5-93D9-5A4FA79290C3", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA879B6-04D6-402A-8F38-8A7CB34D76F4", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7965g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "82C369BE-4A67-489B-9A26-AB00D4C4E409", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF30D1CC-D27F-49FF-9C63-BB890002D1C2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7962g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA428649-4098-4166-8ED3-4A1C707F00FB", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7962g:-:*:*:*:*:*:*:*", "matchCriteriaId": "8424EA40-BAEE-4503-A826-003C478D07F0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7961g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "57152C53-3445-4CDD-9C3F-DB0067611DAB", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1B979DC-52B4-497E-9D7C-3D8F861E6E26", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7960g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B10AA232-FF33-4062-977C-984D2E2CBF70", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7960g:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DFA9051-62CB-4C7B-9C97-CD901DC778F0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7945g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D8A52F3-1D02-4D2F-A68D-276D065BD00B", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*", "matchCriteriaId": "5980E646-CA07-4222-A9DD-A71306A4A678", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7942g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E24932D-8F8E-4991-858D-246D5CD594B7", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7942g:-:*:*:*:*:*:*:*", "matchCriteriaId": "37232BAF-C3BD-45A3-B54F-3DA2E15F2FBD", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7941g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79A195E8-4210-4F4A-B742-1C943DF5D2AF", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7519FF0-672E-430F-980D-53D2A851C78C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7940g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "34AC4FC0-1504-449C-86CC-1033D0BBD994", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7940g:-:*:*:*:*:*:*:*", "matchCriteriaId": "84AEFB6F-3534-478A-97FF-C100A86A269E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7931g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2B814BA-710F-4E42-8EA0-F9B59B5E2A39", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7931g:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D51724-CA7C-4F8E-9C02-408A96E32860", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7911g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB2313E3-D3C9-4990-8657-05345C386759", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BF164BA-91F9-434B-9837-1B6E600A91AF", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7906g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7EA3D2C-8327-4D0F-9AD8-3373AB3CCC53", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*", "matchCriteriaId": "94B18568-30F5-40BF-96DB-589ED8D960F5", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8811_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D8DA83E-9548-455E-BCFF-5238FB56BF48", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8811:-:*:*:*:*:*:*:*", "matchCriteriaId": "D96E5B04-7CFF-4DF9-A356-C015AD8F5536", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8841_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "15426BD5-25E2-43B6-9E6E-346F26E2AC1A", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8841:-:*:*:*:*:*:*:*", "matchCriteriaId": "80B68502-F042-4094-BECB-0C59C3C6D07F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8845_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "33CD3FFF-1517-4EF7-AE38-F6DA836100AE", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8845:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF629B3C-0874-4BC9-97F3-28A5A7AC8917", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8851_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CD08767-7F00-48E6-87A9-99FE9E2D96B9", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8851:-:*:*:*:*:*:*:*", "matchCriteriaId": "37B37ABB-C273-47B1-B7B0-692280CC957B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8851nr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79C63F44-F1B6-47A3-900E-BA9B7A2EDAE3", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8851nr:-:*:*:*:*:*:*:*", "matchCriteriaId": "B021B260-CD3C-4EA5-9A2C-FE80B4ACA787", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8861_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "118AE4A2-F0DB-4E0B-9998-A56711723D34", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8861:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BB9129D-607E-4227-984E-F0FC2F9047ED", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8865_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "27AFD285-F65F-4B09-97C1-082C953EFCB9", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8865:-:*:*:*:*:*:*:*", "matchCriteriaId": "B01FB146-FB66-4251-8025-F38C49FE9CAC", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8865nr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8399BC8F-6DCD-4A61-9E1B-FFA636BAD4C2", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8865nr:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EB7D543-296F-44AE-9335-BF3244F21E55", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8961_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "25923E46-A572-4731-9EAA-3A3B52D83FD3", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8961:-:*:*:*:*:*:*:*", "matchCriteriaId": "73338C3B-3AFA-4F64-B8C6-FDEBBBDCFD31", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8945_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02037FE7-B885-4C3D-9516-8C8D32D168B9", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8945:-:*:*:*:*:*:*:*", "matchCriteriaId": "645668C0-1702-4EBE-AF4D-F73824AF4C41", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_8941_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "89E58087-9ABF-4BF6-BCC9-F7904593A5D6", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_8941:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE80CCF2-84B6-409D-BED3-D1C3D8807D5F", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_9971_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "486E6F8D-3563-42DF-86FA-34200B14FB2F", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7ABE8-03D3-4ACA-834A-89D37D5EBFB2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:cisco:unified_ip_phone_9951_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C416A15-52CB-4850-8C5B-E3E9C9087FB3", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B483E7-0B8D-480B-94B9-93F00AE91B4B", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device." }, { "lang": "es", "value": "Una vulnerabilidad en la funcionalidad Web Access de Cisco IP Phones Series 7800 y Series 8800, podr\u00eda permitir a un atacante remoto no autenticado visualizar informaci\u00f3n confidencial sobre un dispositivo afectado. La vulnerabilidad es debido a controles de acceso inapropiados en la interfaz de administraci\u00f3n basada en web de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de solicitudes maliciosas al dispositivo, lo que podr\u00eda permitirle omitir las restricciones de acceso. Un ataque con \u00e9xito podr\u00eda permitir al atacante visualizar informaci\u00f3n confidencial, incluyendo los registros de llamadas del dispositivo que contienen nombres, nombres de usuario y n\u00fameros de tel\u00e9fono de los usuarios del dispositivo" } ], "id": "CVE-2020-3360", "lastModified": "2024-11-21T05:30:52.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "ykramarz@cisco.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-18T03:15:14.403", "references": [ { "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM" } ], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" } ], "source": "ykramarz@cisco.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }