Lucene search

CiscoCVELIST:CVE-2023-20126

HistoryMay 04, 2023 - 12:00 a.m.

CVE-2023-20126 Cisco SPA112 2-Port Phone Adapters Remote Command Execution Vulnerability

2023-05-0400:00:00

CWE-306

cisco

www.cve.org

cisco

spa112

phone adapters

remote

command execution

vulnerability

web-based

management

interface

unauthenticated

remote attacker

arbitrary code

missing authentication

firmware upgrade

exploit

full privileges

firmware updates

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.003

Percentile

71.8%

JSON

A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Small Business IP Phones ",
    "versions": [
      {
        "version": "n/a",
        "status": "affected"
      }
    ]
  }
]

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.003

Percentile

71.8%

JSON

Related for CVELIST:CVE-2023-20126