CVE-2020-3360
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD
Description
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
Affected (37)
Products: Cisco: Unified Ip Phone 6901 Firmware, Unified Ip Phone 6961 Firmware, Unified Ip Phone 6945 Firmware, Unified Ip Phone 6941 Firmware, Unified Ip Phone 6921 Firmware, Unified Ip Phone 6911 Firmware, Unified Ip Phone 7832 Firmware, Unified Ip Phone 7861 Firmware, Unified Ip Phone 7841 Firmware, Unified Ip Phone 7821 Firmware, Unified Ip Phone 7811 Firmware, Unified Ip Phone 7937g Firmware, Unified Ip Phone 7975g Firmware, Unified Ip Phone 7965g Firmware, Unified Ip Phone 7962g Firmware, Unified Ip Phone 7961g Firmware, Unified Ip Phone 7960g Firmware, Unified Ip Phone 7945g Firmware, Unified Ip Phone 7942g Firmware, Unified Ip Phone 7941g Firmware, Unified Ip Phone 7940g Firmware, Unified Ip Phone 7931g Firmware, Unified Ip Phone 7911g Firmware, Unified Ip Phone 7906g Firmware, Unified Ip Phone 8811 Firmware, Unified Ip Phone 8841 Firmware, Unified Ip Phone 8845 Firmware, Unified Ip Phone 8851 Firmware, Unified Ip Phone 8851nr Firmware, Unified Ip Phone 8861 Firmware, Unified Ip Phone 8865 Firmware, Unified Ip Phone 8865nr Firmware, Unified Ip Phone 8961 Firmware, Unified Ip Phone 8945 Firmware, Unified Ip Phone 8941 Firmware, Unified Ip Phone 9971 Firmware, Unified Ip Phone 9951 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 6901 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 6961 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 6945 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 6941 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 6921 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 6911 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7832 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7861 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7841 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7821 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7811 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7937g | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7975g | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7965g | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7962g | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7961g | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7960g | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7945g | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7942g | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7941g | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7940g | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7931g | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7911g | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 7906g | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 8811 | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 8841 | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 8845 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 8851 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 8851nr | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 8861 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 8865 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 8865nr | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 8961 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 8945 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 8941 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 9971 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 12.8\(1\) |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 9951 | All versions |
Related CWEs
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.