8.6
CVE-2023-20018
- EPSS 0.08%
- Published 20.01.2023 07:15:13
- Last modified 21.11.2024 07:40:21
- Source psirt@cisco.com
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Ip Phone 7800 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 7811 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 7821 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 7832 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 7841 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 7861 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 8800 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 8811 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 8821 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 8821-ex Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 8831 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 8832 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 8841 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 8845 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 8851 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 8861 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phone 8865 Firmware Version < 14.1(1)sr2
Cisco ≫ Ip Phones 8832 Firmware Version < 14.1(1)sr2
Cisco ≫ Unified Ip Phone 8851nr Firmware Version < 14.1(1)sr2
Cisco ≫ Unified Ip Phone 8865nr Firmware Version < 14.1(1)sr2
Cisco ≫ Wireless Ip Phone 8821 Firmware Version < 11.0(6)sr4
Cisco ≫ Wireless Ip Phone 8821-ex Firmware Version < 11.0(6)sr4
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.08% | 0.209 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.5 | 3.9 | 2.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
psirt@cisco.com | 8.6 | 3.9 | 4.7 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H |
CWE-288 Authentication Bypass Using an Alternate Path or Channel
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.