← Back

CVE-2022-20817

nvd nist
Published: Jun 15, 2022Modified: Nov 21, 2024

JSON object

Loading...
7.4
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.2 / Impact: 5.2
Source: NVD

Description

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.

Affected (11)

Cisco
11 products
Unified Ip Phone 6911 Firmware
Unified Ip Phone 6921 Firmware
Unified Ip Phone 6941 Firmware
Unified Ip Phone 6945 Firmware
Unified Ip Phone 6961 Firmware
Unified Ip Phone 8941 Firmware
Unified Ip Phone 8945 Firmware
Unified Ip Phone 8961 Firmware
Unified Ip Phone 9951 Firmware
Unified Ip Phone 9971 Firmware
Ata 187 Analog Telephone Adapter Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone 6911 Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Phone 6911
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone 6921 Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Phone 6921
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone 6941 Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Phone 6941
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone 6945 Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Phone 6945
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone 6961 Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Phone 6961
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone 8941 Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Phone 8941
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone 8945 Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Phone 8945
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone 8961 Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Phone 8961
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone 9951 Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Phone 9951
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Unified Ip Phone 9971 Firmware
All versions
Running on/withPlatform Versions
Cisco
Unified Ip Phone 9971
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ata 187 Analog Telephone Adapter Firmware
All versions
Running on/withPlatform Versions
Cisco
Ata 187 Analog Telephone Adapter
All versions

Related CWEs

CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

References (2)

Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.