Lucene search

[email protected]NVD:CVE-2023-20078

HistoryMar 03, 2023 - 4:15 p.m.

CVE-2023-20078

2023-03-0316:15:10

CWE-121

CWE-787

[email protected]

web.nvd.nist.gov

cisco

ip phones

web-based management

vulnerabilities

remote attacker

arbitrary code

denial of service

advisory

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.9

Confidence

High

EPSS

0.003

Percentile

69.8%

JSON

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

Nvd

Node

ciscoip_phone_6871_firmwareRange<11.3.7sr1

AND

ciscoip_phone_6871Match-

Node

ciscoip_phone_6861_firmwareRange<11.3.7sr1

AND

ciscoip_phone_6861Match-

Node

ciscoip_phone_6851_firmwareRange<11.3.7sr1

AND

ciscoip_phone_6851Match-

Node

ciscoip_phone_6841_firmwareRange<11.3.7sr1

AND

ciscoip_phone_6841Match-

Node

ciscoip_phone_6825_firmwareRange<11.3.7sr1

AND

ciscoip_phone_6825Match-

Node

ciscoip_phone_7861_firmwareRange<11.3.7sr1

AND

ciscoip_phone_7861Match-

Node

ciscoip_phone_7841_firmwareRange<11.3.7sr1

AND

ciscoip_phone_7841Match-

Node

ciscoip_phone_7832_firmwareRange<11.3.7sr1

AND

ciscoip_phone_7832Match-

Node

ciscoip_phone_7821_firmwareRange<11.3.7sr1

AND

ciscoip_phone_7821Match-

Node

ciscoip_phone_7811_firmwareRange<11.3.7sr1

AND

ciscoip_phone_7811Match-

Node

ciscoip_phone_8865_firmwareRange<11.3.7sr1

AND

ciscoip_phone_8865Match-

Node

ciscoip_phone_8861_firmwareRange<11.3.7sr1

AND

ciscoip_phone_8861Match-

Node

ciscoip_phone_8851_firmwareRange<11.3.7sr1

AND

ciscoip_phone_8851Match-

Node

ciscoip_phone_8845_firmwareRange<11.3.7sr1

AND

ciscoip_phone_8845Match-

Node

ciscoip_phone_8841_firmwareRange<11.3.7sr1

AND

ciscoip_phone_8841Match-

Node

ciscoip_phone_8832_firmwareRange<11.3.7sr1

AND

ciscoip_phone_8832Match-

Node

ciscoip_phone_8811_firmwareRange<11.3.7sr1

AND

ciscoip_phone_8811Match-

VendorProductVersionCPE
ciscoip_phone_6871_firmware*cpe:2.3:o:cisco:ip_phone_6871_firmware:*:*:*:*:*:*:*:*
ciscoip_phone_6871-cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*
ciscoip_phone_6861_firmware*cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:*
ciscoip_phone_6861-cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*
ciscoip_phone_6851_firmware*cpe:2.3:o:cisco:ip_phone_6851_firmware:*:*:*:*:*:*:*:*
ciscoip_phone_6851-cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*
ciscoip_phone_6841_firmware*cpe:2.3:o:cisco:ip_phone_6841_firmware:*:*:*:*:*:*:*:*
ciscoip_phone_6841-cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*
ciscoip_phone_6825_firmware*cpe:2.3:o:cisco:ip_phone_6825_firmware:*:*:*:*:*:*:*:*
ciscoip_phone_6825-cpe:2.3:h:cisco:ip_phone_6825:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	ip_phone_6871_firmware	*	cpe:2.3:o:cisco:ip_phone_6871_firmware::::::::
cisco	ip_phone_6871	-	cpe:2.3:h:cisco:ip_phone_6871:-:::::::*
cisco	ip_phone_6861_firmware	*	cpe:2.3:o:cisco:ip_phone_6861_firmware::::::::
cisco	ip_phone_6861	-	cpe:2.3:h:cisco:ip_phone_6861:-:::::::*
cisco	ip_phone_6851_firmware	*	cpe:2.3:o:cisco:ip_phone_6851_firmware::::::::
cisco	ip_phone_6851	-	cpe:2.3:h:cisco:ip_phone_6851:-:::::::*
cisco	ip_phone_6841_firmware	*	cpe:2.3:o:cisco:ip_phone_6841_firmware::::::::
cisco	ip_phone_6841	-	cpe:2.3:h:cisco:ip_phone_6841:-:::::::*
cisco	ip_phone_6825_firmware	*	cpe:2.3:o:cisco:ip_phone_6825_firmware::::::::
cisco	ip_phone_6825	-	cpe:2.3:h:cisco:ip_phone_6825:-:::::::*