CVE-2023-20018
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 / Impact: 2.5
Source: NVD
Description
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.
Affected (22)
Products: Cisco: Ip Phone 7800 Firmware, Ip Phone 7811 Firmware, Ip Phone 7821 Firmware, Ip Phone 7832 Firmware, Ip Phone 7841 Firmware, Ip Phone 7861 Firmware, Ip Phone 8800 Firmware, Ip Phone 8811 Firmware, Ip Phone 8821 Firmware, Ip Phone 8821 Ex Firmware, Ip Phone 8831 Firmware, Ip Phone 8832 Firmware, Ip Phone 8841 Firmware, Ip Phone 8845 Firmware, Ip Phone 8851 Firmware, Ip Phone 8861 Firmware, Ip Phone 8865 Firmware, Ip Phones 8832 Firmware, Unified Ip Phone 8851nr Firmware, Unified Ip Phone 8865nr Firmware, Wireless Ip Phone 8821 Firmware, Wireless Ip Phone 8821 Ex Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7800 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7811 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7821 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7832 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7841 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7861 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8800 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8811 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8821 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8821 Ex | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8831 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8832 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8841 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8845 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8851 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8861 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8865 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phones 8832 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 8851nr | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Before 14.1\(1\)sr2 |
| Running on/with | Platform Versions |
|---|---|
Cisco Unified Ip Phone 8865nr | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.0\(6\)sr4 |
| Running on/with | Platform Versions |
|---|---|
Cisco Wireless Ip Phone 8821 | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.0\(6\)sr4 |
| Running on/with | Platform Versions |
|---|---|
Cisco Wireless Ip Phone 8821 Ex | All versions |
Related CWEs
CWE-288
Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.