CVE-2023-20221

🗓️ 16 Aug 2023 21:01:05Reported by ciscoType

Vulnerability in Cisco IP Phone web interface allows CSRF attack for Do

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability in the web interface for managing microprogrammed software in Cisco IP Phones 6800, Cisco IP Phone 7800, Cisco IP Phone 8800, and Cisco Video Phone 8875 arises from the manipulation of intersite requests. This allows a perpetrator to perform a CSRF attack and cause a service failure.	21 Aug 202300:00	–	bdu_fstec
Circl	CVE-2023-20221	17 Aug 202302:37	–	circl
Cisco	Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability	16 Aug 202316:00	–	cisco
CNNVD	Cisco IP Phone 跨站请求伪造漏洞	16 Aug 202300:00	–	cnnvd
CVE	CVE-2023-20221	16 Aug 202321:01	–	cve
EUVD	EUVD-2023-24400	3 Oct 202520:07	–	euvd
NVD	CVE-2023-20221	16 Aug 202322:15	–	nvd
OSV	CVE-2023-20221	16 Aug 202322:15	–	osv
Prion	Cross site request forgery (csrf)	16 Aug 202322:15	–	prion
Positive Technologies	PT-2023-4431 · Cisco · Cisco Ip Phone 8800 +3	16 Aug 202300:00	–	ptsecurity

[
  {
    "vendor": "Cisco",
    "product": "Cisco IP Phones with Multiplatform Firmware",
    "versions": [
      {
        "version": "11.3.1 MSR2-6",
        "status": "affected"
      },
      {
        "version": "11.3.1 MSR3-3",
        "status": "affected"
      },
      {
        "version": "11.3.2",
        "status": "affected"
      },
      {
        "version": "11.3.3",
        "status": "affected"
      },
      {
        "version": "11.3.4",
        "status": "affected"
      },
      {
        "version": "11.3.5",
        "status": "affected"
      },
      {
        "version": "11.3.3 MSR1",
        "status": "affected"
      },
      {
        "version": "11.3.6",
        "status": "affected"
      },
      {
        "version": "11-3-1MPPSR4UPG",
        "status": "affected"
      },
      {
        "version": "11.3.7",
        "status": "affected"
      },
      {
        "version": "11-3-1MSR2UPG",
        "status": "affected"
      },
      {
        "version": "11.3.6SR1",
        "status": "affected"
      },
      {
        "version": "11.3.7SR1",
        "status": "affected"
      },
      {
        "version": "11.3.7SR2",
        "status": "affected"
      },
      {
        "version": "11.0.0",
        "status": "affected"
      },
      {
        "version": "11.0.1",
        "status": "affected"
      },
      {
        "version": "11.0.1 MSR1-1",
        "status": "affected"
      },
      {
        "version": "11.0.2",
        "status": "affected"
      },
      {
        "version": "11.1.1",
        "status": "affected"
      },
      {
        "version": "11.1.1 MSR1-1",
        "status": "affected"
      },
      {
        "version": "11.1.1 MSR2-1",
        "status": "affected"
      },
      {
        "version": "11.1.2",
        "status": "affected"
      },
      {
        "version": "11.1.2 MSR1-1",
        "status": "affected"
      },
      {
        "version": "11.1.2 MSR3-1",
        "status": "affected"
      },
      {
        "version": "11.2.1",
        "status": "affected"
      },
      {
        "version": "11.2.2",
        "status": "affected"
      },
      {
        "version": "11.2.3",
        "status": "affected"
      },
      {
        "version": "11.2.3 MSR1-1",
        "status": "affected"
      },
      {
        "version": "11.2.4",
        "status": "affected"
      },
      {
        "version": "11.3.1",
        "status": "affected"
      },
      {
        "version": "11.3.1 MSR1-3",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Cisco",
    "product": "Cisco PhoneOS",
    "versions": [
      {
        "version": "1.0.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
sec	www.sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c

25 Jan 2024 16:58Current

6.9Medium risk

Vulners AI Score6.9

CVSS 3.16.5

EPSS0.0026