Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for unified_ip_phone_8865nr_firmware by cisco

    CVE-2023-20018 (GCVE-0-2023-20018)

    Vulnerability from nvd – Published: 2023-01-19 01:35 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 9.3(4) 3rd Party
    Affected: 9.3(4)SR3 3rd Party
    Affected: 9.3(4)SR1 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR1
    Affected: 11.5(1)
    Affected: 11.0(5)SR2
    Affected: 11.0(2)
    Affected: 11.7(1)
    Affected: 11.0(4)SR3
    Affected: 11.0(0.7) MPP
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR5
    Affected: 11.0(3)SR6
    Affected: 11.0(3)
    Affected: 11.0(4)SR1
    Affected: 11.0(1) MPP
    Affected: 11.0(4)
    Affected: 11.0(3)SR4
    Affected: 11.0(5)
    Affected: 11.0(3)SR1
    Affected: 11.0(5)SR1
    Affected: 11.0(3)SR2
    Affected: 11.0(2)SR2
    Affected: 11.0(1)
    Affected: 11.5(1)SR1
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 10.3(1.11) 3rd Party
    Affected: 10.2(2)
    Affected: 10.2(1)SR1
    Affected: 10.1(1.9)
    Affected: 10.1(1)SR2
    Affected: 10.2(1)
    Affected: 10.1(1)SR1
    Affected: 10.4(1)SR2 3rd Party
    Affected: 10.3(1)
    Affected: 10.3(1)SR4b
    Affected: 10.3(1)SR5
    Affected: 10.3(1.9) 3rd Party
    Affected: 10.3(2)
    Affected: 10.3(1)SR4
    Affected: 10.3(1)SR2
    Affected: 10.3(1)SR3
    Affected: 10.3(1)SR1
    Affected: 12.6(1)
    Affected: 12.1(1)
    Affected: 12.5(1)SR1
    Affected: 12.5(1)SR2
    Affected: 12.5(1)
    Affected: 12.5(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 12.1(1)SR1
    Affected: 12.0(1)
    Affected: 12.0(1)SR2
    Affected: 12.0(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.8(1)
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 11.0(5)SR3
    Affected: 11.0(6)
    Affected: 11.0(6)SR1
    Affected: 11.0(6)SR2
    Affected: 10.3(1)SR6
    Affected: 10.3(1)SR7
    Affected: 12.7(1)SR1
    Affected: 14.0(1)SR1
    Affected: 14.0(1)
    Affected: 14.0(1)SR2
    Affected: 14.0(1)SR3
    Affected: 14.1(1)
    Affected: 14.1(1)SR1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1) MPP"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:31.975Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
            "defects": [
              "CSCwc37223",
              "CSCwc37234"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20018",
        "datePublished": "2023-01-19T01:35:41.006Z",
        "dateReserved": "2022-10-27T18:47:50.308Z",
        "dateUpdated": "2024-08-02T08:57:35.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3360 (GCVE-0-2020-3360)

    Vulnerability from nvd – Published: 2020-06-18 02:17 – Updated: 2024-11-15 17:05
    VLAI
    Title
    Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability
    Summary
    A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2020-06-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:30:58.207Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-3360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T16:21:10.982053Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T17:05:37.576Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phone 8800 Series Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-18T02:17:03.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
            }
          ],
          "source": {
            "advisory": "cisco-sa-phone-logs-2O7f7ExM",
            "defect": [
              [
                "CSCvt23310",
                "CSCvt27636",
                "CSCvt27637",
                "CSCvt27645"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2020-06-17T16:00:00",
              "ID": "CVE-2020-3360",
              "STATE": "PUBLIC",
              "TITLE": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco IP Phone 8800 Series Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "5.3",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-phone-logs-2O7f7ExM",
              "defect": [
                [
                  "CSCvt23310",
                  "CSCvt27636",
                  "CSCvt27637",
                  "CSCvt27645"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2020-3360",
        "datePublished": "2020-06-18T02:17:03.642Z",
        "dateReserved": "2019-12-12T00:00:00.000Z",
        "dateUpdated": "2024-11-15T17:05:37.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20018 (GCVE-0-2023-20018)

    Vulnerability from cvelistv5 – Published: 2023-01-19 01:35 – Updated: 2024-08-02 08:57
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.
    CWE
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco Session Initiation Protocol (SIP) Software Affected: 9.3(4) 3rd Party
    Affected: 9.3(4)SR3 3rd Party
    Affected: 9.3(4)SR1 3rd Party
    Affected: 9.3(4)SR2 3rd Party
    Affected: 11.0(3)SR3
    Affected: 11.0(2)SR1
    Affected: 11.5(1)
    Affected: 11.0(5)SR2
    Affected: 11.0(2)
    Affected: 11.7(1)
    Affected: 11.0(4)SR3
    Affected: 11.0(0.7) MPP
    Affected: 11.0(4)SR2
    Affected: 11.0(3)SR5
    Affected: 11.0(3)SR6
    Affected: 11.0(3)
    Affected: 11.0(4)SR1
    Affected: 11.0(1) MPP
    Affected: 11.0(4)
    Affected: 11.0(3)SR4
    Affected: 11.0(5)
    Affected: 11.0(3)SR1
    Affected: 11.0(5)SR1
    Affected: 11.0(3)SR2
    Affected: 11.0(2)SR2
    Affected: 11.0(1)
    Affected: 11.5(1)SR1
    Affected: 11-0-1MSR1-1
    Affected: 10.4(1) 3rd Party
    Affected: 10.3(1.11) 3rd Party
    Affected: 10.2(2)
    Affected: 10.2(1)SR1
    Affected: 10.1(1.9)
    Affected: 10.1(1)SR2
    Affected: 10.2(1)
    Affected: 10.1(1)SR1
    Affected: 10.4(1)SR2 3rd Party
    Affected: 10.3(1)
    Affected: 10.3(1)SR4b
    Affected: 10.3(1)SR5
    Affected: 10.3(1.9) 3rd Party
    Affected: 10.3(2)
    Affected: 10.3(1)SR4
    Affected: 10.3(1)SR2
    Affected: 10.3(1)SR3
    Affected: 10.3(1)SR1
    Affected: 12.6(1)
    Affected: 12.1(1)
    Affected: 12.5(1)SR1
    Affected: 12.5(1)SR2
    Affected: 12.5(1)
    Affected: 12.5(1)SR3
    Affected: 12.6(1)SR1
    Affected: 12.7(1)
    Affected: 12.1(1)SR1
    Affected: 12.0(1)
    Affected: 12.0(1)SR2
    Affected: 12.0(1)SR1
    Affected: 12.0(1)SR3
    Affected: 12.8(1)
    Affected: 12.8(1)SR1
    Affected: 12.8(1)SR2
    Affected: 11.0(5)SR3
    Affected: 11.0(6)
    Affected: 11.0(6)SR1
    Affected: 11.0(6)SR2
    Affected: 10.3(1)SR6
    Affected: 10.3(1)SR7
    Affected: 12.7(1)SR1
    Affected: 14.0(1)SR1
    Affected: 14.0(1)
    Affected: 14.0(1)SR2
    Affected: 14.0(1)SR3
    Affected: 14.1(1)
    Affected: 14.1(1)SR1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:57:35.086Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco Session Initiation Protocol (SIP) Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "9.3(4) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR3 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR1 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "9.3(4)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)"
                },
                {
                  "status": "affected",
                  "version": "11.7(1)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(0.7) MPP"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR5"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR6"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(1) MPP"
                },
                {
                  "status": "affected",
                  "version": "11.0(4)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR4"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(3)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(2)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(1)"
                },
                {
                  "status": "affected",
                  "version": "11.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "11-0-1MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.11) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.2(2)"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.1(1.9)"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.2(1)"
                },
                {
                  "status": "affected",
                  "version": "10.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "10.4(1)SR2 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4b"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR5"
                },
                {
                  "status": "affected",
                  "version": "10.3(1.9) 3rd Party"
                },
                {
                  "status": "affected",
                  "version": "10.3(2)"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR4"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)"
                },
                {
                  "status": "affected",
                  "version": "12.5(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.6(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)"
                },
                {
                  "status": "affected",
                  "version": "12.1(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "12.8(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0(5)SR3"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR1"
                },
                {
                  "status": "affected",
                  "version": "11.0(6)SR2"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR6"
                },
                {
                  "status": "affected",
                  "version": "10.3(1)SR7"
                },
                {
                  "status": "affected",
                  "version": "12.7(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR1"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR2"
                },
                {
                  "status": "affected",
                  "version": "14.0(1)SR3"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)"
                },
                {
                  "status": "affected",
                  "version": "14.1(1)SR1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-288",
                  "description": "Authentication Bypass Using an Alternate Path or Channel",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:57:31.975Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ip-phone-auth-bypass-pSqxZRPR",
            "defects": [
              "CSCwc37223",
              "CSCwc37234"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20018",
        "datePublished": "2023-01-19T01:35:41.006Z",
        "dateReserved": "2022-10-27T18:47:50.308Z",
        "dateUpdated": "2024-08-02T08:57:35.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-3360 (GCVE-0-2020-3360)

    Vulnerability from cvelistv5 – Published: 2020-06-18 02:17 – Updated: 2024-11-15 17:05
    VLAI
    Title
    Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability
    Summary
    A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://tools.cisco.com/security/center/content/C… vendor-advisoryx_refsource_CISCO
    Impacted products
    Date Public
    2020-06-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T07:30:58.207Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CISCO",
                  "x_transferred"
                ],
                "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-3360",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-15T16:21:10.982053Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-15T17:05:37.576Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phone 8800 Series Software",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2020-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-06-18T02:17:03.000Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
              "tags": [
                "vendor-advisory",
                "x_refsource_CISCO"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
            }
          ],
          "source": {
            "advisory": "cisco-sa-phone-logs-2O7f7ExM",
            "defect": [
              [
                "CSCvt23310",
                "CSCvt27636",
                "CSCvt27637",
                "CSCvt27645"
              ]
            ],
            "discovery": "INTERNAL"
          },
          "title": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "psirt@cisco.com",
              "DATE_PUBLIC": "2020-06-17T16:00:00",
              "ID": "CVE-2020-3360",
              "STATE": "PUBLIC",
              "TITLE": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Cisco IP Phone 8800 Series Software",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Cisco"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."
                }
              ]
            },
            "exploit": [
              {
                "lang": "en",
                "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
              }
            ],
            "impact": {
              "cvss": {
                "baseScore": "5.3",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability",
                  "refsource": "CISCO",
                  "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"
                }
              ]
            },
            "source": {
              "advisory": "cisco-sa-phone-logs-2O7f7ExM",
              "defect": [
                [
                  "CSCvt23310",
                  "CSCvt27636",
                  "CSCvt27637",
                  "CSCvt27645"
                ]
              ],
              "discovery": "INTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2020-3360",
        "datePublished": "2020-06-18T02:17:03.642Z",
        "dateReserved": "2019-12-12T00:00:00.000Z",
        "dateUpdated": "2024-11-15T17:05:37.576Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }