Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_CISCO_CVE-2022-20660.NASLHistoryMar 18, 2024 - 12:00 a.m.
Cisco IP Phones Information Disclosure (CVE-2022-20660)
2024-03-1800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
4
cisco
ip phones
information disclosure
vulnerability
unauthenticated
physical attacker
confidential information
flash memory chips
exploitation
tenable.ot
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
4.6 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.0%
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device.
This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(502121);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/18");
script_cve_id("CVE-2022-20660");
script_name(english:"Cisco IP Phones Information Disclosure (CVE-2022-20660)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability in the information storage architecture of several
Cisco IP Phone models could allow an unauthenticated, physical
attacker to obtain confidential information from an affected device.
This vulnerability is due to unencrypted storage of confidential
information on an affected device. An attacker could exploit this
vulnerability by physically extracting and accessing one of the flash
memory chips. A successful exploit could allow the attacker to obtain
confidential information from the device, which could be used for
subsequent attacks.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?83486282");
script_set_attribute(attribute:"see_also", value:"http://seclists.org/fulldisclosure/2022/Jan/34");
# http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?18214ce3");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-20660");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(312);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/14");
script_set_attribute(attribute:"patch_publication_date", value:"2022/01/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_7811_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_7821_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_7841_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_7861_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_8811_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_8831_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_8841_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_8845_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_8851_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_8861_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:ip_phone_8865_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_7945g_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_7965g_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_7975g_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_sip_phone_3905_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:wireless_ip_phone_8821-ex_firmware");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:wireless_ip_phone_8821_firmware");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Cisco");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Cisco');
var asset = tenable_ot::assets::get(vendor:'Cisco');
var vuln_cpes = {
"cpe:/o:cisco:ip_phone_7811_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_7821_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_7841_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_7861_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_8811_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_8841_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_8845_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_8851_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_8861_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:ip_phone_8865_firmware" :
{"versionEndExcluding" : "14.1(1)", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_7945g_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_7965g_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_7975g_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_sip_phone_3905_firmware" :
{"versionEndExcluding" : "9.4(1)sr5", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:wireless_ip_phone_8821_firmware" :
{"versionEndExcluding" : "11.0(6)sr2", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:wireless_ip_phone_8821-ex_firmware" :
{"versionEndExcluding" : "11.0(6)sr2", "family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_8831_firmware" :
{"family" : "CiscoIPPhones"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_NOTE);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | ip_phone_7811_firmware | cpe:/o:cisco:ip_phone_7811_firmware | |
| cisco | ip_phone_7821_firmware | cpe:/o:cisco:ip_phone_7821_firmware | |
| cisco | ip_phone_7841_firmware | cpe:/o:cisco:ip_phone_7841_firmware | |
| cisco | ip_phone_7861_firmware | cpe:/o:cisco:ip_phone_7861_firmware | |
| cisco | ip_phone_8811_firmware | cpe:/o:cisco:ip_phone_8811_firmware | |
| cisco | unified_ip_phone_8831_firmware | cpe:/o:cisco:unified_ip_phone_8831_firmware | |
| cisco | ip_phone_8841_firmware | cpe:/o:cisco:ip_phone_8841_firmware | |
| cisco | ip_phone_8845_firmware | cpe:/o:cisco:ip_phone_8845_firmware | |
| cisco | ip_phone_8851_firmware | cpe:/o:cisco:ip_phone_8851_firmware | |
| cisco | ip_phone_8861_firmware | cpe:/o:cisco:ip_phone_8861_firmware |
Related
cve
cve
CVE-2022-20660
2022-01-14 05:15:11
prion
prion
Design/Logic Flaw
2022-01-14 05:15:00
packetstorm
packetstorm
Cisco IP Phone Cleartext Password Storage
2022-01-17 00:00:00
cvelist
cvelist
CVE-2022-20660 Cisco IP Phones Information Disclosure Vulnerability
2022-01-13 00:00:00
cisco
cisco
Cisco IP Phones Information Disclosure Vulnerability
2022-01-12 16:00:00
zdt
zdt
Cisco IP Phone Cleartext Password Storage Vulnerability
2022-01-17 00:00:00
nvd
nvd
CVE-2022-20660
2022-01-14 05:15:11
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
4.6 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.0%
Related for TENABLE_OT_CISCO_CVE-2022-20660.NASL