Lucene search

[email protected]NVD:CVE-2022-20660

HistoryJan 14, 2022 - 5:15 a.m.

CVE-2022-20660

2022-01-1405:15:11

CWE-312

[email protected]

web.nvd.nist.gov

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

41.0%

JSON

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.

Affected configurations

NVD

Node

ciscoip_conference_phone_7832Match-

AND

ciscoip_conference_phone_7832_firmwareRange<14.1\(1\)

Node

ciscoip_conference_phone_8832Match-

AND

ciscoip_conference_phone_8832_firmwareRange<14.1\(1\)

Node

ciscoip_phone_7811Match-

AND

ciscoip_phone_7811_firmwareRange<14.1\(1\)

Node

ciscoip_phone_7821Match-

AND

ciscoip_phone_7821_firmwareRange<14.1\(1\)

Node

ciscoip_phone_7841Match-

AND

ciscoip_phone_7841_firmwareRange<14.1\(1\)

Node

ciscoip_phone_7861Match-

AND

ciscoip_phone_7861_firmwareRange<14.1\(1\)

Node

ciscoip_phone_8811Match-

AND

ciscoip_phone_8811_firmwareRange<14.1\(1\)

Node

ciscoip_phone_8841Match-

AND

ciscoip_phone_8841_firmwareRange<14.1\(1\)

Node

ciscoip_phone_8845_firmwareRange<14.1\(1\)

AND

ciscoip_phone_8845Match-

Node

ciscoip_phone_8851_firmwareRange<14.1\(1\)

AND

ciscoip_phone_8851Match-

Node

ciscoip_phone_8861_firmwareRange<14.1\(1\)

AND

ciscoip_phone_8861Match-

Node

ciscoip_phone_8865_firmwareRange<14.1\(1\)

AND

ciscoip_phone_8865Match-

Node

ciscounified_ip_conference_phone_8831_firmwareMatch-

AND

ciscounified_ip_conference_phone_8831Match-

Node

ciscounified_ip_conference_phone_8831_for_third-party_call_control_firmwareMatch-

AND

ciscounified_ip_conference_phone_8831_for_third-party_call_controlMatch-

Node

ciscounified_ip_phone_7945g_firmwareMatch-

AND

ciscounified_ip_phone_7945gMatch-

Node

ciscounified_ip_phone_7965g_firmwareMatch-

AND

ciscounified_ip_phone_7965gMatch-

Node

ciscounified_ip_phone_7975g_firmwareMatch-

AND

ciscounified_ip_phone_7975gMatch-

Node

ciscounified_sip_phone_3905_firmwareRange<9.4\(1\)sr5

AND

ciscounified_sip_phone_3905Match-

Node

ciscowireless_ip_phone_8821_firmwareRange<11.0\(6\)sr2

AND

ciscowireless_ip_phone_8821Match-

Node

ciscowireless_ip_phone_8821-ex_firmwareRange<11.0\(6\)sr2

AND

ciscowireless_ip_phone_8821-exMatch-

References

packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html

seclists.org/fulldisclosure/2022/Jan/34

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

4.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

41.0%

JSON

Related for NVD:CVE-2022-20660

nessus1 cvelist1 cisco1 packetstorm1 cve1 prion1 zdt1