ID

VAR-202301-0952


CVE

CVE-2023-20018


TITLE

Cisco IP Phone 7800  and  8800  Fraudulent Authentication Vulnerability in Series

Trust: 0.8

sources: JVNDB: JVNDB-2023-002345

DESCRIPTION

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication

Trust: 1.71

sources: NVD: CVE-2023-20018 // JVNDB: JVNDB-2023-002345 // VULMON: CVE-2023-20018

AFFECTED PRODUCTS

vendor:ciscomodel:ip phone 8865scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 7861scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 7800scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 8821scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 8831scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 8851scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 8861scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:wireless ip phone 8821-exscope:ltversion:11.0\(6\)sr4

Trust: 1.0

vendor:ciscomodel:ip phone 8832scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 7841scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:unified ip phone 8865nrscope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:unified ip phone 8851nrscope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:wireless ip phone 8821scope:ltversion:11.0\(6\)sr4

Trust: 1.0

vendor:ciscomodel:ip phone 7811scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 8845scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 7821scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 8821-exscope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 8800scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 8841scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phones 8832scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 7832scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:ciscomodel:ip phone 8811scope:ltversion:14.1\(1\)sr2

Trust: 1.0

vendor:シスコシステムズmodel:ip phone 7821scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7841scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8811scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7811scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8821-exscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7832scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8800scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8821scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7861scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco ip phone 7800 シリーズscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002345 // NVD: CVE-2023-20018

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20018
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20018
value: HIGH

Trust: 1.0

NVD: CVE-2023-20018
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202301-1004
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2023-20018
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20018
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.7
version: 3.1

Trust: 1.0

NVD: CVE-2023-20018
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002345 // CNNVD: CNNVD-202301-1004 // NVD: CVE-2023-20018 // NVD: CVE-2023-20018

PROBLEMTYPE DATA

problemtype:CWE-288

Trust: 1.0

problemtype:CWE-863

Trust: 1.0

problemtype:Illegal authentication (CWE-863) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002345 // NVD: CVE-2023-20018

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1004

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-1004

PATCH

title:cisco-sa-ip-phone-auth-bypass-pSqxZRPRurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR

Trust: 0.8

title:Cisco: Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ip-phone-auth-bypass-pSqxZRPR

Trust: 0.1

sources: VULMON: CVE-2023-20018 // JVNDB: JVNDB-2023-002345

EXTERNAL IDS

db:NVDid:CVE-2023-20018

Trust: 3.3

db:JVNDBid:JVNDB-2023-002345

Trust: 0.8

db:AUSCERTid:ESB-2023.0179

Trust: 0.6

db:CNNVDid:CNNVD-202301-1004

Trust: 0.6

db:VULMONid:CVE-2023-20018

Trust: 0.1

sources: VULMON: CVE-2023-20018 // JVNDB: JVNDB-2023-002345 // CNNVD: CNNVD-202301-1004 // NVD: CVE-2023-20018

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ip-phone-auth-bypass-psqxzrpr

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-20018

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.0179

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-20018/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-20018 // JVNDB: JVNDB-2023-002345 // CNNVD: CNNVD-202301-1004 // NVD: CVE-2023-20018

SOURCES

db:VULMONid:CVE-2023-20018
db:JVNDBid:JVNDB-2023-002345
db:CNNVDid:CNNVD-202301-1004
db:NVDid:CVE-2023-20018

LAST UPDATE DATE

2024-08-14T14:17:30.309000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-20018date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002345date:2023-07-05T07:48:00
db:CNNVDid:CNNVD-202301-1004date:2023-02-02T00:00:00
db:NVDid:CVE-2023-20018date:2024-01-25T17:15:25.060

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-20018date:2023-01-20T00:00:00
db:JVNDBid:JVNDB-2023-002345date:2023-07-05T00:00:00
db:CNNVDid:CNNVD-202301-1004date:2023-01-12T00:00:00
db:NVDid:CVE-2023-20018date:2023-01-20T07:15:13.633