CVE-2022-20660

Exploit

EPSS 0.07%
Published 14.01.2022 05:15:11
Last modified 21.11.2024 06:43:15
Source psirt@cisco.com
Teams watchlist Login
Open Login

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Cisco ≫ Ip Conference Phone 7832 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Conference Phone 7832 Version-

Cisco ≫ Ip Conference Phone 8832 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Conference Phone 8832 Version-

Cisco ≫ Ip Phone 7811 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 7811 Version-

Cisco ≫ Ip Phone 7821 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 7821 Version-

Cisco ≫ Ip Phone 7841 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 7841 Version-

Cisco ≫ Ip Phone 7861 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 7861 Version-

Cisco ≫ Ip Phone 8811 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 8811 Version-

Cisco ≫ Ip Phone 8841 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 8841 Version-

Cisco ≫ Ip Phone 8845 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 8845 Version-

Cisco ≫ Ip Phone 8851 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 8851 Version-

Cisco ≫ Ip Phone 8861 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 8861 Version-

Cisco ≫ Ip Phone 8865 Firmware Version < 14.1\(1\)

Cisco ≫ Ip Phone 8865 Version-

Cisco ≫ Unified Ip Conference Phone 8831 Firmware Version-

Cisco ≫ Unified Ip Conference Phone 8831 Version-

Cisco ≫ Unified Ip Conference Phone 8831 For Third-party Call Control Firmware Version-

Cisco ≫ Unified Ip Conference Phone 8831 For Third-party Call Control Version-

Cisco ≫ Unified Ip Phone 7945g Firmware Version-

Cisco ≫ Unified Ip Phone 7945g Version-

Cisco ≫ Unified Ip Phone 7965g Firmware Version-

Cisco ≫ Unified Ip Phone 7965g Version-

Cisco ≫ Unified Ip Phone 7975g Firmware Version-

Cisco ≫ Unified Ip Phone 7975g Version-

Cisco ≫ Unified Sip Phone 3905 Firmware Version < 9.4\(1\)sr5

Cisco ≫ Unified Sip Phone 3905 Version-

Cisco ≫ Wireless Ip Phone 8821 Firmware Version < 11.0\(6\)sr2

Cisco ≫ Wireless Ip Phone 8821 Version-

Cisco ≫ Wireless Ip Phone 8821-ex Firmware Version < 11.0\(6\)sr2

Cisco ≫ Wireless Ip Phone 8821-ex Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.188

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	0.9	3.6	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:P/I:N/A:N
psirt@cisco.com	4.6	0.9	3.6	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html

Third Party Advisory

Exploit

VDB Entry

http://seclists.org/fulldisclosure/2022/Jan/34

Third Party Advisory

Mailing List

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-20660

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-20660

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-20660

EUVD