nessus | This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof. | TENABLE_OT_CISCO_CVE-2022-20817.NASL
History: Mar 18, 2024 - 12:00 a.m.

Cisco IP Phones Duplicate Key (CVE-2022-20817)

2024-03-18 00:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
cisco unified ip phones
remote attacker
impersonation
cisco unified communications manager
key generation
manufacturing process
machine-in-the-middle attack
secure communication
vulnerability workaround
tenable.ot
scanner

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

57.1%

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user’s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode.
This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user’s phone.
This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Registration branch: when the scan engine loads the plugin with `description`
# set, only the metadata below is declared and the script leaves through the
# exit(0) at the end of the block. No detection logic runs here.
if (description)
{
  script_id(502106);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/18");

  script_cve_id("CVE-2022-20817");

  script_name(english:"Cisco IP Phones Duplicate Key (CVE-2022-20817)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability in Cisco Unified IP Phones could allow an
unauthenticated, remote attacker to impersonate another user's phone
if the Cisco Unified Communications Manager (CUCM) is in secure mode.
This vulnerability is due to improper key generation during the
manufacturing process that could result in duplicated manufactured
keys installed on multiple devices. An attacker could exploit this
vulnerability by performing a machine-in-the-middle attack on the
secure communication between the phone and the CUCM. A successful
exploit could allow the attacker to impersonate another user's phone.
This vulnerability cannot be addressed with software updates. There is
a workaround that addresses this vulnerability.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  # Vendor advisory (canonical reference):
  # https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4
  # NOTE(review): the see_also value is a plain-http short link; presumably it
  # redirects to the advisory above - confirm before relying on it.
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cc9aaaef");
  # The solution text only defers to the advisory. Per the description above
  # there is no software fix, so remediation means applying the vendor's
  # workaround rather than upgrading firmware.
  script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
  # Base vectors: network-reachable, high attack complexity, no authentication
  # or privileges, confidentiality and integrity impact, no availability impact.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N");
  # NOTE(review): RL:OF (CVSS2) and RL:O (CVSS3) both mean "official fix",
  # while the description states the issue cannot be addressed with software
  # updates and only a workaround exists. A workaround remediation level
  # (RL:W) would match that text - confirm against the vendor advisory.
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-20817");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  # CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator.
  script_cwe_id(338);

  # NOTE(review): patch_publication_date equals vuln_publication_date although
  # the description says no software update exists; presumably it records the
  # advisory/workaround date - confirm.
  script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/06/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/18");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  # Affected models as firmware CPEs. The version field is "-" on every entry,
  # so the metadata names hardware models and no firmware release. Keep this
  # list in sync with the vuln_cpes table in the detection part of the script.
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_6911_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_6921_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_6941_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_6945_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_6961_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_8941_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_8945_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_8961_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_9951_firmware:-");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:cisco:unified_ip_phone_9971_firmware:-");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  # Information-gathering category in the Tenable.ot family.
  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Runs after the Tenable.ot API integration plugin and only when that run
  # left the "Tenable.ot/Cisco" knowledge-base key behind.
  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Cisco");

  exit(0);
}


# Detection part: an inventory match of Cisco assets known to Tenable.ot
# against a fixed list of affected phone models.
#
# Helper library; presumably defines the tenable_ot::assets and tenable_ot::cve
# functions called below (not shown in this file).
include('tenable_ot_cve_funcs.inc');

# Stop here unless the "Tenable.ot/Cisco" knowledge-base key is present.
get_kb_item_or_exit('Tenable.ot/Cisco');

# Asset record for vendor Cisco; its structure is defined by the helper
# library and is not visible here.
var asset = tenable_ot::assets::get(vendor:'Cisco');

# Affected models, keyed by firmware CPE. Every key has "-" as its version
# component and every value carries only a family tag, so nothing in this
# table distinguishes firmware releases.
# NOTE(review): a finding therefore presumably means "asset is one of these
# models". The script contains no check that the unit actually holds a
# duplicated manufactured key, that CUCM runs in secure mode, or that the
# vendor workaround has been applied - confirm those per device before
# closing or escalating the finding.
# Keep these keys in sync with the "cpe" attributes in the description block.
var vuln_cpes = {
    "cpe:/o:cisco:unified_ip_phone_6911_firmware:-" :
        {"family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_6921_firmware:-" :
        {"family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_6941_firmware:-" :
        {"family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_6945_firmware:-" :
        {"family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_6961_firmware:-" :
        {"family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_8941_firmware:-" :
        {"family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_8945_firmware:-" :
        {"family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_8961_firmware:-" :
        {"family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_9951_firmware:-" :
        {"family" : "CiscoIPPhones"},
    "cpe:/o:cisco:unified_ip_phone_9971_firmware:-" :
        {"family" : "CiscoIPPhones"}
};

# Hand the asset and the table to the shared comparison helper; a match is
# reported at SECURITY_WARNING severity. The matching rules live in the
# helper library and are not shown here.
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

57.1%
