cvelist | Cisco | CVELIST:CVE-2023-20018
History: Jan 19, 2023 - 1:35 a.m.

CVE-2023-20018

2023-01-19 01:35:41
cisco
www.cve.org

Tags: cisco, ip phone, vulnerability, web-based management, authentication, crafted request

CVSS3: 8.6 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score: 8.8 High (Confidence: High)

EPSS: 0.001 Low (Percentile: 43.4%)

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco Session Initiation Protocol (SIP) Software",
    "versions": [
      {
        "version": "9.3(4) 3rd Party",
        "status": "affected"
      },
      {
        "version": "9.3(4)SR3 3rd Party",
        "status": "affected"
      },
      {
        "version": "9.3(4)SR1 3rd Party",
        "status": "affected"
      },
      {
        "version": "9.3(4)SR2 3rd Party",
        "status": "affected"
      },
      {
        "version": "11.0(3)SR3",
        "status": "affected"
      },
      {
        "version": "11.0(2)SR1",
        "status": "affected"
      },
      {
        "version": "11.5(1)",
        "status": "affected"
      },
      {
        "version": "11.0(5)SR2",
        "status": "affected"
      },
      {
        "version": "11.0(2)",
        "status": "affected"
      },
      {
        "version": "11.7(1)",
        "status": "affected"
      },
      {
        "version": "11.0(4)SR3",
        "status": "affected"
      },
      {
        "version": "11.0(0.7) MPP",
        "status": "affected"
      },
      {
        "version": "11.0(4)SR2",
        "status": "affected"
      },
      {
        "version": "11.0(3)SR5",
        "status": "affected"
      },
      {
        "version": "11.0(3)SR6",
        "status": "affected"
      },
      {
        "version": "11.0(3)",
        "status": "affected"
      },
      {
        "version": "11.0(4)SR1",
        "status": "affected"
      },
      {
        "version": "11.0(1) MPP",
        "status": "affected"
      },
      {
        "version": "11.0(4)",
        "status": "affected"
      },
      {
        "version": "11.0(3)SR4",
        "status": "affected"
      },
      {
        "version": "11.0(5)",
        "status": "affected"
      },
      {
        "version": "11.0(3)SR1",
        "status": "affected"
      },
      {
        "version": "11.0(5)SR1",
        "status": "affected"
      },
      {
        "version": "11.0(3)SR2",
        "status": "affected"
      },
      {
        "version": "11.0(2)SR2",
        "status": "affected"
      },
      {
        "version": "11.0(1)",
        "status": "affected"
      },
      {
        "version": "11.5(1)SR1",
        "status": "affected"
      },
      {
        "version": "11-0-1MSR1-1",
        "status": "affected"
      },
      {
        "version": "10.4(1) 3rd Party",
        "status": "affected"
      },
      {
        "version": "10.3(1.11) 3rd Party",
        "status": "affected"
      },
      {
        "version": "10.2(2)",
        "status": "affected"
      },
      {
        "version": "10.2(1)SR1",
        "status": "affected"
      },
      {
        "version": "10.1(1.9)",
        "status": "affected"
      },
      {
        "version": "10.1(1)SR2",
        "status": "affected"
      },
      {
        "version": "10.2(1)",
        "status": "affected"
      },
      {
        "version": "10.1(1)SR1",
        "status": "affected"
      },
      {
        "version": "10.4(1)SR2 3rd Party",
        "status": "affected"
      },
      {
        "version": "10.3(1)",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR4b",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR5",
        "status": "affected"
      },
      {
        "version": "10.3(1.9) 3rd Party",
        "status": "affected"
      },
      {
        "version": "10.3(2)",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR4",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR2",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR3",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR1",
        "status": "affected"
      },
      {
        "version": "12.6(1)",
        "status": "affected"
      },
      {
        "version": "12.1(1)",
        "status": "affected"
      },
      {
        "version": "12.5(1)SR1",
        "status": "affected"
      },
      {
        "version": "12.5(1)SR2",
        "status": "affected"
      },
      {
        "version": "12.5(1)",
        "status": "affected"
      },
      {
        "version": "12.5(1)SR3",
        "status": "affected"
      },
      {
        "version": "12.6(1)SR1",
        "status": "affected"
      },
      {
        "version": "12.7(1)",
        "status": "affected"
      },
      {
        "version": "12.1(1)SR1",
        "status": "affected"
      },
      {
        "version": "12.0(1)",
        "status": "affected"
      },
      {
        "version": "12.0(1)SR2",
        "status": "affected"
      },
      {
        "version": "12.0(1)SR1",
        "status": "affected"
      },
      {
        "version": "12.0(1)SR3",
        "status": "affected"
      },
      {
        "version": "12.8(1)",
        "status": "affected"
      },
      {
        "version": "12.8(1)SR1",
        "status": "affected"
      },
      {
        "version": "12.8(1)SR2",
        "status": "affected"
      },
      {
        "version": "11.0(5)SR3",
        "status": "affected"
      },
      {
        "version": "11.0(6)",
        "status": "affected"
      },
      {
        "version": "11.0(6)SR1",
        "status": "affected"
      },
      {
        "version": "11.0(6)SR2",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR6",
        "status": "affected"
      },
      {
        "version": "10.3(1)SR7",
        "status": "affected"
      },
      {
        "version": "12.7(1)SR1",
        "status": "affected"
      },
      {
        "version": "14.0(1)SR1",
        "status": "affected"
      },
      {
        "version": "14.0(1)",
        "status": "affected"
      },
      {
        "version": "14.0(1)SR2",
        "status": "affected"
      },
      {
        "version": "14.0(1)SR3",
        "status": "affected"
      },
      {
        "version": "14.1(1)",
        "status": "affected"
      },
      {
        "version": "14.1(1)SR1",
        "status": "affected"
      }
    ]
  }
]
