← Back

CVE-2022-20660

nvd nist
Published: Jan 14, 2022Modified: Nov 21, 2024

JSON object

Loading...
4.6
Vector
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.9 / Impact: 3.6
Source: NVD

Description

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.

Affected (20)

Cisco
20 products
Ip Conference Phone 7832 Firmware
Ip Conference Phone 8832 Firmware
Ip Phone 7811 Firmware
Ip Phone 7821 Firmware
Ip Phone 7841 Firmware
Ip Phone 7861 Firmware
Ip Phone 8811 Firmware
Ip Phone 8841 Firmware
Ip Phone 8845 Firmware
Ip Phone 8851 Firmware
Ip Phone 8861 Firmware
Ip Phone 8865 Firmware
Unified Ip Conference Phone 8831 Firmware
Unified Ip Conference Phone 8831 For Third Party Call Control Firmware
Unified Ip Phone 7945g Firmware
Unified Ip Phone 7965g Firmware
Unified Ip Phone 7975g Firmware
Unified Sip Phone 3905 Firmware
Wireless Ip Phone 8821 Firmware
Wireless Ip Phone 8821 Ex Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Conference Phone 7832 Firmware
Before 14.1\(1\)
Running on/withPlatform Versions
Cisco
Ip Conference Phone 7832
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Conference Phone 8832 Firmware
Before 14.1\(1\)
Running on/withPlatform Versions
Cisco
Ip Conference Phone 8832
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 7811 Firmware
Before 14.1\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 7811
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 7821 Firmware
Before 14.1\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 7821
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 7841 Firmware
Before 14.1\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 7841
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 7861 Firmware
Before 14.1\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 7861
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 8811 Firmware
Before 14.1\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 8811
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 8841 Firmware
Before 14.1\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 8841
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 8845 Firmware
Before 14.1\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 8845
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 8851 Firmware
Before 14.1\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 8851
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 8861 Firmware
Before 14.1\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 8861
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 8865 Firmware
Before 14.1\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 8865
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Conference Phone 8831 Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Conference Phone 8831
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Conference Phone 8831 For Third Party Call Control Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Conference Phone 8831 For Third Party Call Control
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone 7945g Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Phone 7945g
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone 7965g Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Phone 7965g
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone 7975g Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Phone 7975g
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Sip Phone 3905 Firmware
Before 9.4\(1\)sr5
Running on/withPlatform Versions
Cisco
Unified Sip Phone 3905
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wireless Ip Phone 8821 Firmware
Before 11.0\(6\)sr2
Running on/withPlatform Versions
Cisco
Wireless Ip Phone 8821
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Wireless Ip Phone 8821 Ex Firmware
Before 11.0\(6\)sr2
Running on/withPlatform Versions
Cisco
Wireless Ip Phone 8821 Ex
All versions

Related CWEs

CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (6)

Source: psirt@cisco.com
ExploitThird Party AdvisoryVDB Entry
Source: psirt@cisco.com
Mailing ListThird Party Advisory
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.