CVE-2022-20817 (GCVE-0-2022-20817)

Vulnerability from cvelistv5 – Published: 2022-06-15 17:55 – Updated: 2024-11-01 19:02
VLAI?
Summary
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.
Severity ?
7.4 (High)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE
Assigner
References
https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
Impacted products
Vendor Product Version
Cisco Cisco IP Phones with Multiplatform Firmware Affected: n/a
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:24:49.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20220615 Cisco IP Phone Duplicate Key Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-20817",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-01T18:42:50.391033Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-01T19:02:31.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Phones with Multiplatform Firmware",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2022-06-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user\u0027s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user\u0027s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-15T17:55:32",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20220615 Cisco IP Phone Duplicate Key Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cp6901-dup-cert-82jdJGe4",
        "defect": [
          [
            "CSCvz07149"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IP Phone Duplicate Key Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2022-06-15T23:00:00",
          "ID": "CVE-2022-20817",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IP Phone Duplicate Key Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IP Phones with Multiplatform Firmware",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user\u0027s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user\u0027s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "7.4",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-338"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20220615 Cisco IP Phone Duplicate Key Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-cp6901-dup-cert-82jdJGe4",
          "defect": [
            [
              "CSCvz07149"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2022-20817",
    "datePublished": "2022-06-15T17:55:32.726275Z",
    "dateReserved": "2021-11-02T00:00:00",
    "dateUpdated": "2024-11-01T19:02:31.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"33DC1B73-7716-4C33-B708-DB70C91D4EFF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:unified_ip_phone_6911:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F32CF4BC-40AD-4C9C-8787-2B7EAE2B3B5F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF807E93-45B9-4197-A475-81FD8BB84360\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:unified_ip_phone_6921:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B807519-7A91-4137-8B0D-0820C6299C13\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"538BDFFF-1F29-4612-9415-9ABE0DF61B3B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:unified_ip_phone_6941:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAD4832E-16D3-4E26-B8ED-D32F5CB83180\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73C85716-FF1C-4DDF-BA4B-8F082C0F41EB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:unified_ip_phone_6945:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B3B667E-9019-4A33-9BB0-D15560EC4145\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE612EC5-04F4-48C7-9491-513DE4752304\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:unified_ip_phone_6961:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BEDF755A-DFA2-4BCB-9A06-0A225B8F05B7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_ip_phone_8941_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2CADFBC-152A-4360-8A3B-74AC7D7C6AE4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:unified_ip_phone_8941:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE80CCF2-84B6-409D-BED3-D1C3D8807D5F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_ip_phone_8945_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2811EB8-047B-4B6B-AEE2-90B175829D18\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:unified_ip_phone_8945:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"645668C0-1702-4EBE-AF4D-F73824AF4C41\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_ip_phone_8961_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE399426-F090-4E49-9B8D-F5626ED8DD0A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:unified_ip_phone_8961:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73338C3B-3AFA-4F64-B8C6-FDEBBBDCFD31\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_ip_phone_9951_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"63DB2B9A-C131-4FA1-BFE3-E2879A8C945D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0B483E7-0B8D-480B-94B9-93F00AE91B4B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_ip_phone_9971_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"667CCF0A-0D40-4000-9DD5-FE506F0BC725\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBF7ABE8-03D3-4ACA-834A-89D37D5EBFB2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ata_187_analog_telephone_adapter_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED8E935A-C400-45D0-85C1-7C75769E2AA5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ata_187_analog_telephone_adapter:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA0CD943-831E-49B6-8BA9-EA21972ACEBA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user\u0027s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user\u0027s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en los tel\\u00e9fonos IP de Cisco Unified podr\\u00eda permitir a un atacante remoto no autenticado hacerse pasar por el tel\\u00e9fono de otro usuario si Cisco Unified Communications Manager (CUCM) est\\u00e1 en modo seguro. Esta vulnerabilidad es debido a la generaci\\u00f3n inapropiada de claves durante el proceso de fabricaci\\u00f3n que podr\\u00eda resultar en claves fabricadas duplicadas instaladas en varios dispositivos. Un atacante podr\\u00eda aprovechar esta vulnerabilidad al llevar a cabo un ataque de m\\u00e1quina en el medio en la comunicaci\\u00f3n segura entre el tel\\u00e9fono y el CUCM. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir al atacante hacerse pasar por el tel\\u00e9fono de otro usuario. Esta vulnerabilidad no puede abordarse con actualizaciones de software. Se presenta una mitigaci\\u00f3n que aborda esta vulnerabilidad\"}]",
      "id": "CVE-2022-20817",
      "lastModified": "2024-11-21T06:43:36.787",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.2}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-06-15T18:15:08.997",
      "references": "[{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-338\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-338\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-20817\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2022-06-15T18:15:08.997\",\"lastModified\":\"2024-11-21T06:43:36.787\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user\u0027s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user\u0027s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en los tel\u00e9fonos IP de Cisco Unified podr\u00eda permitir a un atacante remoto no autenticado hacerse pasar por el tel\u00e9fono de otro usuario si Cisco Unified Communications Manager (CUCM) est\u00e1 en modo seguro. Esta vulnerabilidad es debido a la generaci\u00f3n inapropiada de claves durante el proceso de fabricaci\u00f3n que podr\u00eda resultar en claves fabricadas duplicadas instaladas en varios dispositivos. Un atacante podr\u00eda aprovechar esta vulnerabilidad al llevar a cabo un ataque de m\u00e1quina en el medio en la comunicaci\u00f3n segura entre el tel\u00e9fono y el CUCM. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante hacerse pasar por el tel\u00e9fono de otro usuario. Esta vulnerabilidad no puede abordarse con actualizaciones de software. Se presenta una mitigaci\u00f3n que aborda esta vulnerabilidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"psirt@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-338\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-338\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"33DC1B73-7716-4C33-B708-DB70C91D4EFF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:unified_ip_phone_6911:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F32CF4BC-40AD-4C9C-8787-2B7EAE2B3B5F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF807E93-45B9-4197-A475-81FD8BB84360\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:unified_ip_phone_6921:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B807519-7A91-4137-8B0D-0820C6299C13\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"538BDFFF-1F29-4612-9415-9ABE0DF61B3B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:unified_ip_phone_6941:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAD4832E-16D3-4E26-B8ED-D32F5CB83180\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73C85716-FF1C-4DDF-BA4B-8F082C0F41EB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:unified_ip_phone_6945:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B3B667E-9019-4A33-9BB0-D15560EC4145\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE612EC5-04F4-48C7-9491-513DE4752304\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:unified_ip_phone_6961:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEDF755A-DFA2-4BCB-9A06-0A225B8F05B7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:unified_ip_phone_8941_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2CADFBC-152A-4360-8A3B-74AC7D7C6AE4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:unified_ip_phone_8941:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE80CCF2-84B6-409D-BED3-D1C3D8807D5F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:unified_ip_phone_8945_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2811EB8-047B-4B6B-AEE2-90B175829D18\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:unified_ip_phone_8945:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"645668C0-1702-4EBE-AF4D-F73824AF4C41\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:unified_ip_phone_8961_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE399426-F090-4E49-9B8D-F5626ED8DD0A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:unified_ip_phone_8961:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73338C3B-3AFA-4F64-B8C6-FDEBBBDCFD31\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:unified_ip_phone_9951_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63DB2B9A-C131-4FA1-BFE3-E2879A8C945D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0B483E7-0B8D-480B-94B9-93F00AE91B4B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:unified_ip_phone_9971_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"667CCF0A-0D40-4000-9DD5-FE506F0BC725\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBF7ABE8-03D3-4ACA-834A-89D37D5EBFB2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ata_187_analog_telephone_adapter_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED8E935A-C400-45D0-85C1-7C75769E2AA5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ata_187_analog_telephone_adapter:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA0CD943-831E-49B6-8BA9-EA21972ACEBA\"}]}]}],\"references\":[{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4\", \"name\": \"20220615 Cisco IP Phone Duplicate Key Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T02:24:49.918Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-20817\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-01T18:42:50.391033Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-01T18:43:05.506Z\"}}], \"cna\": {\"title\": \"Cisco IP Phone Duplicate Key Vulnerability\", \"source\": {\"defect\": [[\"CSCvz07149\"]], \"advisory\": \"cisco-sa-cp6901-dup-cert-82jdJGe4\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IP Phones with Multiplatform Firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"datePublic\": \"2022-06-15T00:00:00\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4\", \"name\": \"20220615 Cisco IP Phone Duplicate Key Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user\u0027s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user\u0027s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-338\", \"description\": \"CWE-338\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2022-06-15T17:55:32\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"7.4\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\"}}, \"source\": {\"defect\": [[\"CSCvz07149\"]], \"advisory\": \"cisco-sa-cp6901-dup-cert-82jdJGe4\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco IP Phones with Multiplatform Firmware\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4\", \"name\": \"20220615 Cisco IP Phone Duplicate Key Vulnerability\", \"refsource\": \"CISCO\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user\u0027s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user\u0027s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-338\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-20817\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco IP Phone Duplicate Key Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2022-06-15T23:00:00\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-20817\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-01T19:02:31.240Z\", \"dateReserved\": \"2021-11-02T00:00:00\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2022-06-15T17:55:32.726275Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.