History: Jan 20, 2023 - 7:15 a.m.

CVE-2023-20018

2023-01-20 07:15:13
CWE-288
CWE-863
web.nvd.nist.gov
cisco
ip phone
vulnerability
web-based management interface
authentication bypass
remote attacker
cve-2023-20018

CVSS3: 8.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score: 6.6 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 40.5%)

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.

Affected configurations

NVD

Node: cisco ip_phone_7800_firmware (range < 14.1(1)sr2) AND cisco ip_phone_7800 (match -)
Node: cisco ip_phone_7811_firmware (range < 14.1(1)sr2) AND cisco ip_phone_7811 (match -)
Node: cisco ip_phone_7821_firmware (range < 14.1(1)sr2) AND cisco ip_phone_7821 (match -)
Node: cisco ip_phone_7832_firmware (range < 14.1(1)sr2) AND cisco ip_phone_7832 (match -)
Node: cisco ip_phone_7841_firmware (range < 14.1(1)sr2) AND cisco ip_phone_7841 (match -)
Node: cisco ip_phone_7861_firmware (range < 14.1(1)sr2) AND cisco ip_phone_7861 (match -)
Node: cisco ip_phone_8800_firmware (range < 14.1(1)sr2) AND cisco ip_phone_8800 (match -)
Node: cisco ip_phone_8811_firmware (range < 14.1(1)sr2) AND cisco ip_phone_8811 (match -)
Node: cisco ip_phone_8821_firmware (range < 14.1(1)sr2) AND cisco ip_phone_8821 (match -)
Node: cisco ip_phone_8821-ex_firmware (range < 14.1(1)sr2) AND cisco ip_phone_8821-ex (match -)
Node: cisco ip_phone_8831_firmware (range < 14.1(1)sr2) AND cisco ip_phone_8831 (match -)
Node: cisco ip_phone_8832_firmware (range < 14.1(1)sr2) AND cisco ip_phone_8832 (match -)
Node: cisco ip_phone_8841_firmware (range < 14.1(1)sr2) AND cisco ip_phone_8841 (match -)
Node: cisco ip_phone_8845_firmware (range < 14.1(1)sr2) AND cisco ip_phone_8845 (match -)
Node: cisco ip_phone_8851_firmware (range < 14.1(1)sr2) AND cisco ip_phone_8851 (match -)
Node: cisco ip_phone_8861_firmware (range < 14.1(1)sr2) AND cisco ip_phone_8861 (match -)
Node: cisco ip_phone_8865_firmware (range < 14.1(1)sr2) AND cisco ip_phone_8865 (match -)
Node: cisco ip_phones_8832_firmware (range < 14.1(1)sr2) AND cisco ip_phones_8832 (match -)
Node: cisco unified_ip_phone_8851nr_firmware (range < 14.1(1)sr2) AND cisco unified_ip_phone_8851nr (match -)
Node: cisco unified_ip_phone_8865nr_firmware (range < 14.1(1)sr2) AND cisco unified_ip_phone_8865nr (match -)
Node: cisco wireless_ip_phone_8821_firmware (range < 11.0(6)sr4) AND cisco wireless_ip_phone_8821 (match -)
Node: cisco wireless_ip_phone_8821-ex_firmware (range < 11.0(6)sr4) AND cisco wireless_ip_phone_8821-ex (match -)

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Session Initiation Protocol (SIP) Software",
    "versions": [
      {
        "version": "9.3(4) 3rd Party",
        "status": "affected"
      },
      {
        "version": "9.3(4)SR3 3rd Party",
        "status": "affected"
      },
      {
        "version": "9.3(4)SR1 3rd Party",
        "status": "affected"
      },
      {
        "version": "9.3(4)SR2 3rd Party",
        "status": "affected"
      },
      {
        "version": "11.0(3)SR3",
        "status": "affected"
      },
      {
        "version": "11.0(2)SR1",
        "status": "affected"
      },
      {
        "version": "11.5(1)",
        "status": "affected"
      },
      {
        "version": "11.0(5)SR2",
        "status": "affected"
      },
      {
        "version": "11.0(2)",
        "status": "affected"
      },
      {
        "version": "11.7(1)",
        "status": "affected"
      },
      {
        "version": "11.0(4)SR3",
        "status": "affected"
      },
      {
        "version": "11.0(0.7) MPP",
        "status": "affected"
      },
      {
        "version": "11.0(4)SR2",
        "status": "affected"
      },
      {
        "version": "11.0(3)SR5",
        "status": "affected"
      },
      {
        "version": "11.0(3)SR6",
        "status": "affected"
      },
      {
        "version": "11.0(3)",
        "status": "affected"
      },
      {
        "version": "11.0(4)SR1",
        "status": "affected"
      },
      {
        "version": "11.0(1) MPP",
        "status": "affected"
      },
      {
        "version": "11.0(4)",
        "status": "affected"
      },
      {
        "version": "11.0(3)SR4",
        "status": "affected"
      },
      {
        "version": "11.0(5)",
        "status": "affected"
      },
      {
        "version": "11.0(3)SR1",
        "status": "affected"
      },
      {
        "version": "11.0(5)SR1",
        "status": "affected"
      },
      {
        "version": "11.0(3)SR2",
        "status": "affected"
      },
      {
        "version": "11.0(2)SR2",
        "status": "affected"
      },
      {
        "version": "11.0(1)",
        "status": "affected"
      },
      {
        "version": "11.5(1)SR1",
        "status": "affected"
      },
      {
        "version": "11-0-1MSR1-1",
        "status": "affected"
      },
      {
        "version": "10.4(1) 3rd Party",
        "status": "affected"
      },
      {
        "version": "10.3(1.11) 3rd Party",
        "status": "affected"
      },
      {
        "version": "10.2(2)",
        "status": "affected"
      },
      {
        "version": "10.2(1)SR1",
        "status": "affected"
      },
      {
        "version": "10.1(1.9)",
        "status": "affected"
      },
      {
        "version": "10.1(1)SR2",
        "status": "affected"
      },
      {
        "version": "10.2(1)",
        "status": "affected"
      },
      {
        "version": "10.1(1)SR1",
        "status": "affected"
      },
      {
        "version": "10.4(1)SR2 3rd Party",
        "status": "affected"
      },
      {
        "version": "10.3(1)",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR4b",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR5",
        "status": "affected"
      },
      {
        "version": "10.3(1.9) 3rd Party",
        "status": "affected"
      },
      {
        "version": "10.3(2)",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR4",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR2",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR3",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR1",
        "status": "affected"
      },
      {
        "version": "12.6(1)",
        "status": "affected"
      },
      {
        "version": "12.1(1)",
        "status": "affected"
      },
      {
        "version": "12.5(1)SR1",
        "status": "affected"
      },
      {
        "version": "12.5(1)SR2",
        "status": "affected"
      },
      {
        "version": "12.5(1)",
        "status": "affected"
      },
      {
        "version": "12.5(1)SR3",
        "status": "affected"
      },
      {
        "version": "12.6(1)SR1",
        "status": "affected"
      },
      {
        "version": "12.7(1)",
        "status": "affected"
      },
      {
        "version": "12.1(1)SR1",
        "status": "affected"
      },
      {
        "version": "12.0(1)",
        "status": "affected"
      },
      {
        "version": "12.0(1)SR2",
        "status": "affected"
      },
      {
        "version": "12.0(1)SR1",
        "status": "affected"
      },
      {
        "version": "12.0(1)SR3",
        "status": "affected"
      },
      {
        "version": "12.8(1)",
        "status": "affected"
      },
      {
        "version": "12.8(1)SR1",
        "status": "affected"
      },
      {
        "version": "12.8(1)SR2",
        "status": "affected"
      },
      {
        "version": "11.0(5)SR3",
        "status": "affected"
      },
      {
        "version": "11.0(6)",
        "status": "affected"
      },
      {
        "version": "11.0(6)SR1",
        "status": "affected"
      },
      {
        "version": "11.0(6)SR2",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR6",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR7",
        "status": "affected"
      },
      {
        "version": "12.7(1)SR1",
        "status": "affected"
      },
      {
        "version": "14.0(1)SR1",
        "status": "affected"
      },
      {
        "version": "14.0(1)",
        "status": "affected"
      },
      {
        "version": "14.0(1)SR2",
        "status": "affected"
      },
      {
        "version": "14.0(1)SR3",
        "status": "affected"
      },
      {
        "version": "14.1(1)",
        "status": "affected"
      },
      {
        "version": "14.1(1)SR1",
        "status": "affected"
      }
    ]
  }
]
