CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
57.1%
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user’s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode.
This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user’s phone.
This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(502106);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/18");
script_cve_id("CVE-2022-20817");
script_name(english:"Cisco IP Phones Duplicate Key (CVE-2022-20817)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"A vulnerability in Cisco Unified IP Phones could allow an
unauthenticated, remote attacker to impersonate another user's phone
if the Cisco Unified Communications Manager (CUCM) is in secure mode.
This vulnerability is due to improper key generation during the
manufacturing process that could result in duplicated manufactured
keys installed on multiple devices. An attacker could exploit this
vulnerability by performing a machine-in-the-middle attack on the
secure communication between the phone and the CUCM. A successful
exploit could allow the attacker to impersonate another user's phone.
This vulnerability cannot be addressed with software updates. There is
a workaround that addresses this vulnerability.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cc9aaaef");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-20817");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(338);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/15");
script_set_attribute(attribute:"patch_publication_date", value:"2022/06/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/18");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_6911_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_6921_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_6941_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_6945_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_6961_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_8941_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_8945_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_8961_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_9951_firmware:-");
script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_9971_firmware:-");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/Cisco");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/Cisco');
var asset = tenable_ot::assets::get(vendor:'Cisco');
var vuln_cpes = {
"cpe:/o:cisco:unified_ip_phone_6911_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_6921_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_6941_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_6945_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_6961_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_8941_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_8945_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_8961_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_9951_firmware:-" :
{"family" : "CiscoIPPhones"},
"cpe:/o:cisco:unified_ip_phone_9971_firmware:-" :
{"family" : "CiscoIPPhones"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
57.1%