Lucene search

[email protected]CVE-2020-3360

HistoryJun 18, 2020 - 3:15 a.m.

CVE-2020-3360

2020-06-1803:15:14

CWE-200

CWE-863

[email protected]

web.nvd.nist.gov

cisco

ip phones

vulnerability

remote attack

access control

web access

cve-2020-3360

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.8%

JSON

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.

Affected configurations

NVD

Node

ciscounified_ip_phone_6901_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_6901Match-

Node

ciscounified_ip_phone_6961_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_6961Match-

Node

ciscounified_ip_phone_6945_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_6945Match-

Node

ciscounified_ip_phone_6941_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_6941Match-

Node

ciscounified_ip_phone_6921_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_6921Match-

Node

ciscounified_ip_phone_6911_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_6911Match-

Node

ciscounified_ip_phone_7832_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7832Match-

Node

ciscounified_ip_phone_7861_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7861Match-

Node

ciscounified_ip_phone_7841_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7841Match-

Node

ciscounified_ip_phone_7821_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7821Match-

Node

ciscounified_ip_phone_7811_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7811Match-

Node

ciscounified_ip_phone_7937g_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7937gMatch-

Node

ciscounified_ip_phone_7975g_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7975gMatch-

Node

ciscounified_ip_phone_7965g_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7965gMatch-

Node

ciscounified_ip_phone_7962g_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7962gMatch-

Node

ciscounified_ip_phone_7961g_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7961gMatch-

Node

ciscounified_ip_phone_7960g_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7960gMatch-

Node

ciscounified_ip_phone_7945g_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7945gMatch-

Node

ciscounified_ip_phone_7942g_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7942gMatch-

Node

ciscounified_ip_phone_7941g_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7941gMatch-

Node

ciscounified_ip_phone_7940g_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7940gMatch-

Node

ciscounified_ip_phone_7931g_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7931gMatch-

Node

ciscounified_ip_phone_7911g_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7911gMatch-

Node

ciscounified_ip_phone_7906g_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_7906gMatch-

Node

ciscounified_ip_phone_8811_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_8811Match-

Node

ciscounified_ip_phone_8841_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_8841Match-

Node

ciscounified_ip_phone_8845_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_8845Match-

Node

ciscounified_ip_phone_8851_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_8851Match-

Node

ciscounified_ip_phone_8851nr_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_8851nrMatch-

Node

ciscounified_ip_phone_8861_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_8861Match-

Node

ciscounified_ip_phone_8865_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_8865Match-

Node

ciscounified_ip_phone_8865nr_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_8865nrMatch-

Node

ciscounified_ip_phone_8961_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_8961Match-

Node

ciscounified_ip_phone_8945_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_8945Match-

Node

ciscounified_ip_phone_8941_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_8941Match-

Node

ciscounified_ip_phone_9971_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_9971Match-

Node

ciscounified_ip_phone_9951_firmwareRange≤12.8\(1\)

AND

ciscounified_ip_phone_9951Match-

CPENameOperatorVersion
cisco:unified_ip_phone_6901_firmwarecisco unified ip phone 6901 firmwarele12.8\(1\)

CPE	Name	Operator	Version
cisco:unified_ip_phone_6901_firmware	cisco unified ip phone 6901 firmware	le	12.8\(1\)

CNA Affected

[
  {
    "product": "Cisco IP Phone 8800 Series Software ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.8%

JSON

Related for CVE-2020-3360

nessus1 nvd1 cisco1 cvelist1 prion1