Lucene search

[email protected]CVE-2022-20817

HistoryJun 15, 2022 - 6:15 p.m.

CVE-2022-20817

2022-06-1518:15:08

CWE-338

[email protected]

web.nvd.nist.gov

cve-2022-20817

cisco

ip phone

vulnerability

impersonation

cucm

nvd

security

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.5%

JSON

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user’s phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user’s phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.

Affected configurations

NVD

Node

ciscounified_ip_phone_6911Match-

AND

ciscounified_ip_phone_6911_firmwareMatch-

Node

ciscounified_ip_phone_6921Match-

AND

ciscounified_ip_phone_6921_firmwareMatch-

Node

ciscounified_ip_phone_6941Match-

AND

ciscounified_ip_phone_6941_firmwareMatch-

Node

ciscounified_ip_phone_6945Match-

AND

ciscounified_ip_phone_6945_firmwareMatch-

Node

ciscounified_ip_phone_6961Match-

AND

ciscounified_ip_phone_6961_firmwareMatch-

Node

ciscounified_ip_phone_8941Match-

AND

ciscounified_ip_phone_8941_firmwareMatch-

Node

ciscounified_ip_phone_8945Match-

AND

ciscounified_ip_phone_8945_firmwareMatch-

Node

ciscounified_ip_phone_8961Match-

AND

ciscounified_ip_phone_8961_firmwareMatch-

Node

ciscounified_ip_phone_9951_firmwareMatch-

AND

ciscounified_ip_phone_9951Match-

Node

ciscounified_ip_phone_9971_firmwareMatch-

AND

ciscounified_ip_phone_9971Match-

Node

ciscoata_187_analog_telephone_adapter_firmware

AND

ciscoata_187_analog_telephone_adapterMatch-

CPENameOperatorVersion
cisco:unified_ip_phone_6911_firmwarecisco unified ip phone 6911 firmwareeq-

CPE	Name	Operator	Version
cisco:unified_ip_phone_6911_firmware	cisco unified ip phone 6911 firmware	eq	-

CNA Affected

[
  {
    "product": "Cisco IP Phones with Multiplatform Firmware ",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4

Social References

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

7.2 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.5%

JSON

Related for CVE-2022-20817

cvelist1 prion1 cisco1 cnvd1 nvd1 nessus1