Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_CISCO_CVE-2020-3360.NASL
HistoryMar 18, 2024 - 12:00 a.m.

Cisco IP Phones Call Log Information Disclosure (CVE-2020-3360)

2024-03-1800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
cisco ip phones
vulnerability
sensitive information
access controls
remote attackers
web interface
call logs
tenable.ot

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.8%

JSON

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(502131);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/18");

  script_cve_id("CVE-2020-3360");

  script_name(english:"Cisco IP Phones Call Log Information Disclosure (CVE-2020-3360)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in the Web Access feature of Cisco IP Phones Series
7800 and Series 8800 could allow an unauthenticated, remote attacker
to view sensitive information on an affected device. The vulnerability
is due to improper access controls on the web-based management
interface of an affected device. An attacker could exploit this
vulnerability by sending malicious requests to the device, which could
allow the attacker to bypass access restrictions. A successful attack
could allow the attacker to view sensitive information, including
device call logs that contain names, usernames, and phone numbers of
users of the device.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c355c848");
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3360");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(863);

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_6900_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_7800_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_7900_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_8800_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_8900_series_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_9900_series_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Cisco');

var asset = tenable_ot::assets::get(vendor:'Cisco');

var vuln_cpes = {
    "cpe:/o:cisco:unified_ip_phone_6900_series_firmware" :
        {"versionEndIncluding" : "12.8(1)", "family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_7800_series_firmware" :
        {"versionEndIncluding" : "12.8(1)", "family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_7900_series_firmware" :
        {"versionEndIncluding" : "12.8(1)", "family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_8800_series_firmware" :
        {"versionEndIncluding" : "12.8(1)", "family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_8900_series_firmware" :
        {"versionEndIncluding" : "12.8(1)", "family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_9900_series_firmware" :
        {"versionEndIncluding" : "12.8(1)", "family" : "CiscoIPPhones"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
VendorProductVersionCPE
ciscounified_ip_phone_6900_series_firmwarecpe:/o:cisco:unified_ip_phone_6900_series_firmware
ciscounified_ip_phone_7800_series_firmwarecpe:/o:cisco:unified_ip_phone_7800_series_firmware
ciscounified_ip_phone_7900_series_firmwarecpe:/o:cisco:unified_ip_phone_7900_series_firmware
ciscounified_ip_phone_8800_series_firmwarecpe:/o:cisco:unified_ip_phone_8800_series_firmware
ciscounified_ip_phone_8900_series_firmwarecpe:/o:cisco:unified_ip_phone_8900_series_firmware
ciscounified_ip_phone_9900_series_firmwarecpe:/o:cisco:unified_ip_phone_9900_series_firmware

Related

cve 1
nvd 1
cisco 1
prion 1
cvelist 1
cve
cve
CVE-2020-3360
2020-06-18 03:15:14
nvd
nvd
CVE-2020-3360
2020-06-18 03:15:14
cisco
cisco
Cisco IP Phones Call Log Information Disclosure Vulnerability
2020-06-17 16:00:00
prion
prion
Improper access control
2020-06-18 03:15:00
cvelist
cvelist
CVE-2020-3360 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability
2020-06-17 00:00:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.8%

JSON
Related for TENABLE_OT_CISCO_CVE-2020-3360.NASL
cve1nvd1cisco1prion1cvelist1