5.3

CVE-2025-20336

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.

This vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device.
Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerCisco
Produkt Cisco Session Initiation Protocol (SIP) Software
Default Statusunknown
Version 12.1(1)SR1
Status affected
Version 11.5(1)
Status affected
Version 10.3(2)
Status affected
Version 10.2(2)
Status affected
Version 10.3(1)
Status affected
Version 10.3(1)SR4
Status affected
Version 11.0(1)
Status affected
Version 10.4(1)SR2 3rd Party
Status affected
Version 11.7(1)
Status affected
Version 12.1(1)
Status affected
Version 11.0(0.7) MPP
Status affected
Version 9.3(4) 3rd Party
Status affected
Version 12.5(1)SR2
Status affected
Version 10.2(1)SR1
Status affected
Version 9.3(4)SR3 3rd Party
Status affected
Version 10.2(1)
Status affected
Version 12.5(1)
Status affected
Version 10.3(1)SR2
Status affected
Version 11-0-1MSR1-1
Status affected
Version 10.4(1) 3rd Party
Status affected
Version 12.5(1)SR1
Status affected
Version 11.5(1)SR1
Status affected
Version 10.1(1)SR2
Status affected
Version 12.0(1)SR2
Status affected
Version 12.6(1)
Status affected
Version 10.3(1.11) 3rd Party
Status affected
Version 12.0(1)
Status affected
Version 12.0(1)SR1
Status affected
Version 9.3(3)
Status affected
Version 12.5(1)SR3
Status affected
Version 10.3(1)SR4b
Status affected
Version 9.3(4)SR1 3rd Party
Status affected
Version 10.3(1)SR5
Status affected
Version 10.1(1.9)
Status affected
Version 10.3(1.9) 3rd Party
Status affected
Version 9.3(4)SR2 3rd Party
Status affected
Version 10.3(1)SR1
Status affected
Version 10.3(1)SR3
Status affected
Version 10.1(1)SR1
Status affected
Version 12.0(1)SR3
Status affected
Version 12.6(1)SR1
Status affected
Version 12.7(1)
Status affected
Version 10.3(1)SR6
Status affected
Version 12.8(1)
Status affected
Version 12.7(1)SR1
Status affected
Version 12.8(1)SR1
Status affected
Version 12.8(1)SR2
Status affected
Version 14.0(1)
Status affected
Version 14.0(1)SR1
Status affected
Version 10.3(1)SR7
Status affected
Version 14.0(1)SR2
Status affected
Version 14.1(1)
Status affected
Version 14.0(1)SR3
Status affected
Version 14.1(1)SR1
Status affected
Version 14.1(1)SR2
Status affected
Version 14.2(1)
Status affected
Version 14.2(1)SR1
Status affected
Version 14.1(1)SR3
Status affected
Version 14.2(1)SR2
Status affected
Version 3.1(1)
Status affected
Version 3.0(1)
Status affected
Version 2.3(1)
Status affected
Version 2.3(1)SR1
Status affected
Version 2.2(1)
Status affected
Version 2.1(1)
Status affected
Version 2.0(1)
Status affected
Version 14.2(1)SR3
Status affected
Version 3.1(1)SR1
Status affected
Version 14.3(1)
Status affected
Version 3.2(1)
Status affected
Version 14.3(1)SR1
Status affected
Version 14.2(1)SR4
Status affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.02% 0.04
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
psirt@cisco.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.