5.3
CVE-2020-3360
- EPSS 0.36%
- Published 18.06.2020 03:15:14
- Last modified 21.11.2024 05:30:52
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Unified Ip Phone 6901 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 6961 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 6945 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 6941 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 6921 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 6911 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7832 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7861 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7841 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7821 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7811 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7937g Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7975g Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7965g Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7962g Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7961g Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7960g Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7945g Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7942g Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7941g Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7940g Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7931g Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7911g Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 7906g Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 8811 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 8841 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 8845 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 8851 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 8851nr Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 8861 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 8865 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 8865nr Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 8961 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 8945 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 8941 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 9971 Firmware Version <= 12.8\(1\)
Cisco ≫ Unified Ip Phone 9951 Firmware Version <= 12.8\(1\)
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.36% | 0.574 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| psirt@cisco.com | 5.3 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.