cnvd - cnvd-2022-55668

CNVD-2022-55668

Vulnerability from cnvd - Published: 2022-08-08

Title

Cisco Unified IP Phones安全特征问题漏洞

Description

Cisco Unified IP Phones是美国思科（Cisco）公司的一系列IP电话机。 Cisco Unified IP Phones存在安全特征问题漏洞，该漏洞源于在制造过程中未正确生成密钥导致在多个设备上安装重复的制造密钥。未经身份验证的远程攻击者可利用该漏洞允许其模拟其他用户的电话。

Severity

中

Patch Name

Cisco Unified IP Phones安全特征问题漏洞的补丁

Patch Description

Cisco Unified IP Phones是美国思科（Cisco）公司的一系列IP电话机。 Cisco Unified IP Phones存在安全特征问题漏洞，该漏洞源于在制造过程中未正确生成密钥导致在多个设备上安装重复的制造密钥。未经身份验证的远程攻击者可利用该漏洞允许其模拟其他用户的电话。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4

Impacted products

Name
['Cisco Unified IP Phone 8945', 'Cisco ATA 187 Analog Telephone Adapter', 'Cisco Unified IP Phone 6911', 'Cisco Unified IP Phone 6921', 'Cisco Unified IP Phone 6941', 'Cisco Unified IP Phone 6945', 'Cisco Unified IP Phone 6961', 'Cisco Unified IP Phone 8941', 'Cisco Unified IP Phone 8961', 'Cisco Unified IP Phone 9951', 'Cisco Unified IP Phone 9971']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-20817",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-20817"
    }
  },
  "description": "Cisco Unified IP Phones\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217IP\u7535\u8bdd\u673a\u3002\n\nCisco Unified IP Phones\u5b58\u5728\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5236\u9020\u8fc7\u7a0b\u4e2d\u672a\u6b63\u786e\u751f\u6210\u5bc6\u94a5\u5bfc\u81f4\u5728\u591a\u4e2a\u8bbe\u5907\u4e0a\u5b89\u88c5\u91cd\u590d\u7684\u5236\u9020\u5bc6\u94a5\u3002\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5141\u8bb8\u5176\u6a21\u62df\u5176\u4ed6\u7528\u6237\u7684\u7535\u8bdd\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-55668",
  "openTime": "2022-08-08",
  "patchDescription": "Cisco Unified IP Phones\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u7cfb\u5217IP\u7535\u8bdd\u673a\u3002\r\n\r\nCisco Unified IP Phones\u5b58\u5728\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5236\u9020\u8fc7\u7a0b\u4e2d\u672a\u6b63\u786e\u751f\u6210\u5bc6\u94a5\u5bfc\u81f4\u5728\u591a\u4e2a\u8bbe\u5907\u4e0a\u5b89\u88c5\u91cd\u590d\u7684\u5236\u9020\u5bc6\u94a5\u3002\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5141\u8bb8\u5176\u6a21\u62df\u5176\u4ed6\u7528\u6237\u7684\u7535\u8bdd\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Unified IP Phones\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Unified IP Phone 8945",
      "Cisco ATA 187 Analog Telephone Adapter",
      "Cisco Unified IP Phone 6911",
      "Cisco Unified IP Phone 6921",
      "Cisco Unified IP Phone 6941",
      "Cisco Unified IP Phone 6945",
      "Cisco Unified IP Phone 6961",
      "Cisco Unified IP Phone 8941",
      "Cisco Unified IP Phone 8961",
      "Cisco Unified IP Phone 9951",
      "Cisco Unified IP Phone 9971"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4",
  "serverity": "\u4e2d",
  "submitTime": "2022-06-17",
  "title": "Cisco Unified IP Phones\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e"
}

CVE-2022-20817 (GCVE-0-2022-20817)

Vulnerability from cvelistv5 – Published: 2022-06-15 17:55 – Updated: 2024-11-01 19:02

Summary

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-338

Assigner

cisco

References

URL

Tags

https://tools.cisco.com/security/center/content/C…

vendor-advisoryx_refsource_CISCO

Impacted products

	Vendor	Product	Version
	Cisco	Cisco IP Phones with Multiplatform Firmware	Affected: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:24:49.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220615 Cisco IP Phone Duplicate Key Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20817",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-01T18:42:50.391033Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-01T19:02:31.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Phones with Multiplatform Firmware",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-06-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user\u0027s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user\u0027s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-15T17:55:32",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220615 Cisco IP Phone Duplicate Key Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cp6901-dup-cert-82jdJGe4",
        "defect": [
          [
            "CSCvz07149"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IP Phone Duplicate Key Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2022-06-15T23:00:00",
          "ID": "CVE-2022-20817",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IP Phone Duplicate Key Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IP Phones with Multiplatform Firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user\u0027s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user\u0027s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.4",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-338"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220615 Cisco IP Phone Duplicate Key Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cp6901-dup-cert-82jdJGe4",
          "defect": [
            [
              "CSCvz07149"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20817",
    "datePublished": "2022-06-15T17:55:32.726275Z",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-11-01T19:02:31.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-55668

CVE-2022-20817 (GCVE-0-2022-20817)

Tags

Sightings

Nomenclature