History: Apr 06, 2022 - 7:15 p.m.

CVE-2022-20774

2022-04-06 19:15:08
CWE-345
CWE-352
web.nvd.nist.gov
63
cisco
ip phone
csrf
vulnerability
web-based management
denial of service
cisco ip phone 6800
cisco ip phone 7800
cisco ip phone 8800

CVSS2: 4.9 Medium

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS3: 8.1 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

AI Score: 8.1 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 33.5%)

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.

Affected configurations

NVD

Node: cisco ip_phone_6871_firmware (Range: <11.3.5) AND cisco ip_phone_6871 (Match: -)
Node: cisco ip_phone_6861_firmware (Range: <11.3.5) AND cisco ip_phone_6861 (Match: -)
Node: cisco ip_phone_6851_firmware (Range: <11.3.5) AND cisco ip_phone_6851 (Match: -)
Node: cisco ip_phone_6841_firmware (Range: <11.3.5) AND cisco ip_phone_6841 (Match: -)
Node: cisco ip_phone_6825_firmware (Range: <11.3.5) AND cisco ip_phone_6825 (Match: -)
Node: cisco ip_phone_7861_firmware (Range: <11.3.5) AND cisco ip_phone_7861 (Match: -)
Node: cisco ip_phone_7841_firmware (Range: <11.3.5) AND cisco ip_phone_7841 (Match: -)
Node: cisco ip_phone_7832 (Match: -) AND cisco ip_phone_7832_firmware (Range: <11.3.5)
Node: cisco ip_phone_7821 (Match: -) AND cisco ip_phone_7821_firmware (Range: <11.3.5)
Node: cisco ip_phone_7811 (Match: -) AND cisco ip_phone_7811_firmware (Range: <11.3.5)
Node: cisco ip_phone_8865 (Match: -) AND cisco ip_phone_8865_firmware (Range: <11.3.5)
Node: cisco ip_phone_8861 (Match: -) AND cisco ip_phone_8861_firmware (Range: <11.3.5)
Node: cisco ip_phone_8851 (Match: -) AND cisco ip_phone_8851_firmware (Range: <11.3.5)
Node: cisco ip_phone_8845 (Match: -) AND cisco ip_phone_8845_firmware (Range: <11.3.5)
Node: cisco ip_phone_8841 (Match: -) AND cisco ip_phone_8841_firmware (Range: <11.3.5)
Node: cisco ip_phone_8832 (Match: -) AND cisco ip_phone_8832_firmware (Range: <11.3.5)
Node: cisco ip_phone_8811 (Match: -) AND cisco ip_phone_8811_firmware (Range: <11.3.5)

CNA Affected

[
  {
    "product": "Cisco IP Phone 7800 Series with Multiplatform Firmware ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]
