Lucene search

[email protected]NVD:CVE-2023-20018

HistoryJan 20, 2023 - 7:15 a.m.

CVE-2023-20018

2023-01-2007:15:13

CWE-863

CWE-288

[email protected]

web.nvd.nist.gov

cve-2023-20018

web-based management

remote attacker

authentication bypass

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.5%

JSON

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.

Affected configurations

NVD

Node

ciscoip_phone_7800_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_7800Match-

Node

ciscoip_phone_7811_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_7811Match-

Node

ciscoip_phone_7821_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_7821Match-

Node

ciscoip_phone_7832_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_7832Match-

Node

ciscoip_phone_7841_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_7841Match-

Node

ciscoip_phone_7861_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_7861Match-

Node

ciscoip_phone_8800_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_8800Match-

Node

ciscoip_phone_8811_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_8811Match-

Node

ciscoip_phone_8821_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_8821Match-

Node

ciscoip_phone_8821-ex_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_8821-exMatch-

Node

ciscoip_phone_8831_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_8831Match-

Node

ciscoip_phone_8832_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_8832Match-

Node

ciscoip_phone_8841_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_8841Match-

Node

ciscoip_phone_8845_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_8845Match-

Node

ciscoip_phone_8851_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_8851Match-

Node

ciscoip_phone_8861_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_8861Match-

Node

ciscoip_phone_8865_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phone_8865Match-

Node

ciscoip_phones_8832_firmwareRange<14.1\(1\)sr2

AND

ciscoip_phones_8832Match-

Node

ciscounified_ip_phone_8851nr_firmwareRange<14.1\(1\)sr2

AND

ciscounified_ip_phone_8851nrMatch-

Node

ciscounified_ip_phone_8865nr_firmwareRange<14.1\(1\)sr2

AND

ciscounified_ip_phone_8865nrMatch-

Node

ciscowireless_ip_phone_8821_firmwareRange<11.0\(6\)sr4

AND

ciscowireless_ip_phone_8821Match-

Node

ciscowireless_ip_phone_8821-ex_firmwareRange<11.0\(6\)sr4

AND

ciscowireless_ip_phone_8821-exMatch-

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

40.5%

JSON

Related for NVD:CVE-2023-20018

cve1 cvelist1 prion1 cisco1 nessus1