CVE-2023-20078
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
Affected (17)
Products: Cisco: Ip Phone 6871 Firmware, Ip Phone 6861 Firmware, Ip Phone 6851 Firmware, Ip Phone 6841 Firmware, Ip Phone 6825 Firmware, Ip Phone 7861 Firmware, Ip Phone 7841 Firmware, Ip Phone 7832 Firmware, Ip Phone 7821 Firmware, Ip Phone 7811 Firmware, Ip Phone 8865 Firmware, Ip Phone 8861 Firmware, Ip Phone 8851 Firmware, Ip Phone 8845 Firmware, Ip Phone 8841 Firmware, Ip Phone 8832 Firmware, Ip Phone 8811 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 6871 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 6861 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 6851 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 6841 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 6825 | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7861 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7841 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7832 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7821 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 7811 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8865 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8861 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8851 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8845 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8841 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8832 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Before 11.3.7sr1 |
| Running on/with | Platform Versions |
|---|---|
Cisco Ip Phone 8811 | All versions |
Related CWEs
CWE-121
Stack-based Buffer Overflow
A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
CWE-787
Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
References (2)
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Timeline
No history available yet.