ID

VAR-202303-0357


CVE

CVE-2023-20079


TITLE

Out-of-bounds write vulnerability in multiple Cisco Systems products

Trust: 0.8

sources: JVNDB: JVNDB-2023-003789

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. Multiple Cisco Systems products, including IP Phone 6871 firmware, IP Phone 6861 firmware, and IP Phone 6851 firmware, contain out-of-bounds write vulnerabilities. Affected devices may be put into a service operation interruption (DoS) state.

Trust: 1.71

sources: NVD: CVE-2023-20079 // JVNDB: JVNDB-2023-003789 // VULMON: CVE-2023-20079

AFFECTED PRODUCTS

vendor: cisco // model: ip phone 7861 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 6851 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 8861 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 8851 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: unified ip phone 7945g // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 8831 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 7841 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 8832 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 6825 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 6871 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 7821 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 7811 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 8845 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: unified ip phone 7965g // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 8841 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 6841 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 7832 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 8811 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 8865 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: ip phone 6861 // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: cisco // model: unified ip phone 7975g // scope: lt // version: 11.3.7sr1

Trust: 1.0

vendor: Cisco Systems // model: ip phone 8861 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 6841 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 6851 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 7811 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 7821 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 8811 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 7832 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 6861 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 6825 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 8845 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 7841 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 6871 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: cisco unified ip phone 7965g // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 8831 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 8851 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: cisco unified ip phone 7945g // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 8865 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 8832 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 7861 // scope: - // version: -

Trust: 0.8

vendor: Cisco Systems // model: ip phone 8841 // scope: - // version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-003789 // NVD: CVE-2023-20079

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20079
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20079
value: CRITICAL

Trust: 1.0

NVD: CVE-2023-20079
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202303-216
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2023-20079
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20079
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-20079
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-003789 // CNNVD: CNNVD-202303-216 // NVD: CVE-2023-20079 // NVD: CVE-2023-20079

PROBLEMTYPE DATA

problemtype:CWE-121

Trust: 1.0

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-003789 // NVD: CVE-2023-20079

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202303-216

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202303-216

PATCH

title: cisco-sa-ip-phone-cmd-inj-KMFynVcP // url: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP

Trust: 0.8

title: Cisco IP Phone Buffer error vulnerability fix // url: http://123.124.177.30/web/xxk/bdxqById.tag?id=228521

Trust: 0.6

title: Cisco: Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities // url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ip-phone-cmd-inj-KMFynVcP

Trust: 0.1

sources: VULMON: CVE-2023-20079 // JVNDB: JVNDB-2023-003789 // CNNVD: CNNVD-202303-216

EXTERNAL IDS

db: NVD // id: CVE-2023-20079

Trust: 3.3

db: JVNDB // id: JVNDB-2023-003789

Trust: 0.8

db: AUSCERT // id: ESB-2023.1306.3

Trust: 0.6

db: CNNVD // id: CNNVD-202303-216

Trust: 0.6

db: VULMON // id: CVE-2023-20079

Trust: 0.1

sources: VULMON: CVE-2023-20079 // JVNDB: JVNDB-2023-003789 // CNNVD: CNNVD-202303-216 // NVD: CVE-2023-20079

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ip-phone-cmd-inj-kmfynvcp

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-20079

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2023.1306.3

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-20079/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-20079 // JVNDB: JVNDB-2023-003789 // CNNVD: CNNVD-202303-216 // NVD: CVE-2023-20079

SOURCES

db: VULMON // id: CVE-2023-20079
db: JVNDB // id: JVNDB-2023-003789
db: CNNVD // id: CNNVD-202303-216
db: NVD // id: CVE-2023-20079

LAST UPDATE DATE

2024-08-14T14:10:13.562000+00:00


SOURCES UPDATE DATE

db: VULMON // id: CVE-2023-20079 // date: 2023-03-03T00:00:00
db: JVNDB // id: JVNDB-2023-003789 // date: 2023-10-13T01:03:00
db: CNNVD // id: CNNVD-202303-216 // date: 2023-03-14T00:00:00
db: NVD // id: CVE-2023-20079 // date: 2023-11-07T04:05:58.637

SOURCES RELEASE DATE

db: VULMON // id: CVE-2023-20079 // date: 2023-03-03T00:00:00
db: JVNDB // id: JVNDB-2023-003789 // date: 2023-10-13T00:00:00
db: CNNVD // id: CNNVD-202303-216 // date: 2023-03-03T00:00:00
db: NVD // id: CVE-2023-20079 // date: 2023-03-03T16:15:10.380