Lucene search

[email protected]NVD:CVE-2022-20774

HistoryApr 06, 2022 - 7:15 p.m.

CVE-2022-20774

2022-04-0619:15:08

CWE-345

CWE-352

[email protected]

web.nvd.nist.gov

cisco ip phone

csrf vulnerability

multiplatform firmware

dos

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

33.4%

JSON

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.

Affected configurations

Nvd

Node

ciscoip_phone_6871_firmwareRange<11.3.5

AND

ciscoip_phone_6871Match-

Node

ciscoip_phone_6861_firmwareRange<11.3.5

AND

ciscoip_phone_6861Match-

Node

ciscoip_phone_6851_firmwareRange<11.3.5

AND

ciscoip_phone_6851Match-

Node

ciscoip_phone_6841_firmwareRange<11.3.5

AND

ciscoip_phone_6841Match-

Node

ciscoip_phone_6825_firmwareRange<11.3.5

AND

ciscoip_phone_6825Match-

Node

ciscoip_phone_7861_firmwareRange<11.3.5

AND

ciscoip_phone_7861Match-

Node

ciscoip_phone_7841_firmwareRange<11.3.5

AND

ciscoip_phone_7841Match-

Node

ciscoip_phone_7832Match-

AND

ciscoip_phone_7832_firmwareRange<11.3.5

Node

ciscoip_phone_7821Match-

AND

ciscoip_phone_7821_firmwareRange<11.3.5

Node

ciscoip_phone_7811Match-

AND

ciscoip_phone_7811_firmwareRange<11.3.5

Node

ciscoip_phone_8865Match-

AND

ciscoip_phone_8865_firmwareRange<11.3.5

Node

ciscoip_phone_8861Match-

AND

ciscoip_phone_8861_firmwareRange<11.3.5

Node

ciscoip_phone_8851Match-

AND

ciscoip_phone_8851_firmwareRange<11.3.5

Node

ciscoip_phone_8845Match-

AND

ciscoip_phone_8845_firmwareRange<11.3.5

Node

ciscoip_phone_8841Match-

AND

ciscoip_phone_8841_firmwareRange<11.3.5

Node

ciscoip_phone_8832Match-

AND

ciscoip_phone_8832_firmwareRange<11.3.5

Node

ciscoip_phone_8811Match-

AND

ciscoip_phone_8811_firmwareRange<11.3.5

VendorProductVersionCPE
ciscoip_phone_6871_firmware*cpe:2.3:o:cisco:ip_phone_6871_firmware:*:*:*:*:*:*:*:*
ciscoip_phone_6871-cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*
ciscoip_phone_6861_firmware*cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:*
ciscoip_phone_6861-cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*
ciscoip_phone_6851_firmware*cpe:2.3:o:cisco:ip_phone_6851_firmware:*:*:*:*:*:*:*:*
ciscoip_phone_6851-cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*
ciscoip_phone_6841_firmware*cpe:2.3:o:cisco:ip_phone_6841_firmware:*:*:*:*:*:*:*:*
ciscoip_phone_6841-cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*
ciscoip_phone_6825_firmware*cpe:2.3:o:cisco:ip_phone_6825_firmware:*:*:*:*:*:*:*:*
ciscoip_phone_6825-cpe:2.3:h:cisco:ip_phone_6825:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ip_phone_6871_firmware	*	cpe:2.3:o:cisco:ip_phone_6871_firmware::::::::
cisco	ip_phone_6871	-	cpe:2.3:h:cisco:ip_phone_6871:-:::::::*
cisco	ip_phone_6861_firmware	*	cpe:2.3:o:cisco:ip_phone_6861_firmware::::::::
cisco	ip_phone_6861	-	cpe:2.3:h:cisco:ip_phone_6861:-:::::::*
cisco	ip_phone_6851_firmware	*	cpe:2.3:o:cisco:ip_phone_6851_firmware::::::::
cisco	ip_phone_6851	-	cpe:2.3:h:cisco:ip_phone_6851:-:::::::*
cisco	ip_phone_6841_firmware	*	cpe:2.3:o:cisco:ip_phone_6841_firmware::::::::
cisco	ip_phone_6841	-	cpe:2.3:h:cisco:ip_phone_6841:-:::::::*
cisco	ip_phone_6825_firmware	*	cpe:2.3:o:cisco:ip_phone_6825_firmware::::::::
cisco	ip_phone_6825	-	cpe:2.3:h:cisco:ip_phone_6825:-:::::::*

Rows per page:

1-10 of 341

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-csrf-K56vXvVx

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

33.4%

JSON

Related for NVD:CVE-2022-20774

cvelist1 cve1 nessus1 prion1 cisco1