Lucene search

[email protected]NVD:CVE-2022-20817

HistoryJun 15, 2022 - 6:15 p.m.

CVE-2022-20817

2022-06-1518:15:08

CWE-338

[email protected]

web.nvd.nist.gov

cisco unified ip phones

remote attacker

impersonation

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

57.1%

JSON

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user’s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user’s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.

Affected configurations

Nvd

Node

ciscounified_ip_phone_6911Match-

AND

ciscounified_ip_phone_6911_firmwareMatch-

Node

ciscounified_ip_phone_6921Match-

AND

ciscounified_ip_phone_6921_firmwareMatch-

Node

ciscounified_ip_phone_6941Match-

AND

ciscounified_ip_phone_6941_firmwareMatch-

Node

ciscounified_ip_phone_6945Match-

AND

ciscounified_ip_phone_6945_firmwareMatch-

Node

ciscounified_ip_phone_6961Match-

AND

ciscounified_ip_phone_6961_firmwareMatch-

Node

ciscounified_ip_phone_8941Match-

AND

ciscounified_ip_phone_8941_firmwareMatch-

Node

ciscounified_ip_phone_8945Match-

AND

ciscounified_ip_phone_8945_firmwareMatch-

Node

ciscounified_ip_phone_8961Match-

AND

ciscounified_ip_phone_8961_firmwareMatch-

Node

ciscounified_ip_phone_9951_firmwareMatch-

AND

ciscounified_ip_phone_9951Match-

Node

ciscounified_ip_phone_9971_firmwareMatch-

AND

ciscounified_ip_phone_9971Match-

Node

ciscoata_187_analog_telephone_adapter_firmware

AND

ciscoata_187_analog_telephone_adapterMatch-

VendorProductVersionCPE
ciscounified_ip_phone_6911-cpe:2.3:h:cisco:unified_ip_phone_6911:-:*:*:*:*:*:*:*
ciscounified_ip_phone_6911_firmware-cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:-:*:*:*:*:*:*:*
ciscounified_ip_phone_6921-cpe:2.3:h:cisco:unified_ip_phone_6921:-:*:*:*:*:*:*:*
ciscounified_ip_phone_6921_firmware-cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:-:*:*:*:*:*:*:*
ciscounified_ip_phone_6941-cpe:2.3:h:cisco:unified_ip_phone_6941:-:*:*:*:*:*:*:*
ciscounified_ip_phone_6941_firmware-cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:-:*:*:*:*:*:*:*
ciscounified_ip_phone_6945-cpe:2.3:h:cisco:unified_ip_phone_6945:-:*:*:*:*:*:*:*
ciscounified_ip_phone_6945_firmware-cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:-:*:*:*:*:*:*:*
ciscounified_ip_phone_6961-cpe:2.3:h:cisco:unified_ip_phone_6961:-:*:*:*:*:*:*:*
ciscounified_ip_phone_6961_firmware-cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_ip_phone_6911	-	cpe:2.3:h:cisco:unified_ip_phone_6911:-:::::::*
cisco	unified_ip_phone_6911_firmware	-	cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:-:::::::*
cisco	unified_ip_phone_6921	-	cpe:2.3:h:cisco:unified_ip_phone_6921:-:::::::*
cisco	unified_ip_phone_6921_firmware	-	cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:-:::::::*
cisco	unified_ip_phone_6941	-	cpe:2.3:h:cisco:unified_ip_phone_6941:-:::::::*
cisco	unified_ip_phone_6941_firmware	-	cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:-:::::::*
cisco	unified_ip_phone_6945	-	cpe:2.3:h:cisco:unified_ip_phone_6945:-:::::::*
cisco	unified_ip_phone_6945_firmware	-	cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:-:::::::*
cisco	unified_ip_phone_6961	-	cpe:2.3:h:cisco:unified_ip_phone_6961:-:::::::*
cisco	unified_ip_phone_6961_firmware	-	cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:-:::::::*

Rows per page:

1-10 of 221

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS

0.002

Percentile

57.1%

JSON

Related for NVD:CVE-2022-20817

prion1 cisco1 cvelist1 cve1 cnvd1 nessus1