2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
4.6 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.0%
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device.
This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(502121);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/18");
script_cve_id("CVE-2022-20660");
script_name(english:"Cisco IP Phones Information Disclosure (CVE-2022-20660)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability in the information storage architecture of several
Cisco IP Phone models could allow an unauthenticated, physical
attacker to obtain confidential information from an affected device.
This vulnerability is due to unencrypted storage of confidential
information on an affected device. An attacker could exploit this
vulnerability by physically extracting and accessing one of the flash
memory chips. A successful exploit could allow the attacker to obtain
confidential information from the device, which could be used for
subsequent attacks.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83486282");
script_set_attribute(attribute:"see_also", value:"http://seclists.org/fulldisclosure/2022/Jan/34");
# http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?18214ce3");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-20660");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(312);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/14");
script_set_attribute(attribute:"patch_publication_date", value:"2022/01/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_7811_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_7821_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_7841_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_7861_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_8811_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_8831_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_8841_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_8845_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_8851_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_8861_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_8865_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_7945g_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_7965g_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_7975g_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_sip_phone_3905_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:wireless_ip_phone_8821-ex_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:wireless_ip_phone_8821_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Cisco");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Cisco');
var asset = tenable_ot::assets::get(vendor:'Cisco');
var vuln_cpes = {
"cpe:/o:cisco:ip_phone_7811_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_7821_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_7841_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_7861_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_8811_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_8841_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_8845_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_8851_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_8861_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_8865_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_7945g_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_7965g_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_7975g_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_sip_phone_3905_firmware" :
{"versionEndExcluding" : "9.4(1)sr5", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:wireless_ip_phone_8821_firmware" :
{"versionEndExcluding" : "11.0(6)sr2", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:wireless_ip_phone_8821-ex_firmware" :
{"versionEndExcluding" : "11.0(6)sr2", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_8831_firmware" :
{"family" : "CiscoIPPhones"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_NOTE);
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | ip_phone_7811_firmware | cpe:/o:cisco:ip_phone_7811_firmware | |
cisco | ip_phone_7821_firmware | cpe:/o:cisco:ip_phone_7821_firmware | |
cisco | ip_phone_7841_firmware | cpe:/o:cisco:ip_phone_7841_firmware | |
cisco | ip_phone_7861_firmware | cpe:/o:cisco:ip_phone_7861_firmware | |
cisco | ip_phone_8811_firmware | cpe:/o:cisco:ip_phone_8811_firmware | |
cisco | unified_ip_phone_8831_firmware | cpe:/o:cisco:unified_ip_phone_8831_firmware | |
cisco | ip_phone_8841_firmware | cpe:/o:cisco:ip_phone_8841_firmware | |
cisco | ip_phone_8845_firmware | cpe:/o:cisco:ip_phone_8845_firmware | |
cisco | ip_phone_8851_firmware | cpe:/o:cisco:ip_phone_8851_firmware | |
cisco | ip_phone_8861_firmware | cpe:/o:cisco:ip_phone_8861_firmware |
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
4.6 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.0%