Lucene search

K
cvelistCiscoCVELIST:CVE-2023-20218
HistoryAug 03, 2023 - 9:20 p.m.

CVE-2023-20218

2023-08-0321:20:29
cisco
www.cve.org
5
cisco
spa500 series
unauthorized access
web-based management
user-supplied input
client-side attacks
software updates

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS

0.001

Percentile

37.2%

A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user’s browser.

This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.

Cisco will not release software updates that address this vulnerability.

{{value}} [“%7b%7bvalue%7d%7d”])}]]

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Small Business IP Phones",
    "versions": [
      {
        "version": "7.6.0",
        "status": "affected"
      },
      {
        "version": "7.6.2",
        "status": "affected"
      },
      {
        "version": "7.6.2SR3",
        "status": "affected"
      },
      {
        "version": "7.6.2SR6",
        "status": "affected"
      },
      {
        "version": "7.6.2SR2",
        "status": "affected"
      },
      {
        "version": "7.6.2SR4",
        "status": "affected"
      },
      {
        "version": "7.6.2SR1",
        "status": "affected"
      },
      {
        "version": "7.6.2SR5",
        "status": "affected"
      },
      {
        "version": "7.6.2SR7",
        "status": "affected"
      },
      {
        "version": "7.6.1",
        "status": "affected"
      },
      {
        "version": "7.3.7",
        "status": "affected"
      },
      {
        "version": "7.5.5",
        "status": "affected"
      },
      {
        "version": "7.5.6(XU)",
        "status": "affected"
      },
      {
        "version": "7.5.2",
        "status": "affected"
      },
      {
        "version": "7.5.2a",
        "status": "affected"
      },
      {
        "version": "7.5.7",
        "status": "affected"
      },
      {
        "version": "7.5.3",
        "status": "affected"
      },
      {
        "version": "7.5.6",
        "status": "affected"
      },
      {
        "version": "7.5.2b",
        "status": "affected"
      },
      {
        "version": "7.5.6c",
        "status": "affected"
      },
      {
        "version": "7.5.6a",
        "status": "affected"
      },
      {
        "version": "7.5.7s",
        "status": "affected"
      },
      {
        "version": "7.5.1",
        "status": "affected"
      },
      {
        "version": "7.5.5a",
        "status": "affected"
      },
      {
        "version": "7.5.5b",
        "status": "affected"
      },
      {
        "version": "7.5.4",
        "status": "affected"
      },
      {
        "version": "7.4.7",
        "status": "affected"
      },
      {
        "version": "7.4.4",
        "status": "affected"
      },
      {
        "version": "7.4.8",
        "status": "affected"
      },
      {
        "version": "7.4.3",
        "status": "affected"
      },
      {
        "version": "7.4.9",
        "status": "affected"
      },
      {
        "version": "7.4.6",
        "status": "affected"
      }
    ]
  }
]

CVSS3

5.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS

0.001

Percentile

37.2%

Related for CVELIST:CVE-2023-20218