ID

VAR-202307-1790


CVE

CVE-2023-20181


TITLE

Cisco Small Business SPA500 Series IP Phones Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2023-61392 // CNNVD: CNNVD-202307-1761

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. For more information about these vulnerabilities, see the Details section of this advisory. There are no workarounds that address these vulnerabilities. This advisory is available at the following link: sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F

Trust: 1.53

sources: NVD: CVE-2023-20181 // CNVD: CNVD-2023-61392 // VULMON: CVE-2023-20181

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2023-61392

AFFECTED PRODUCTS

vendor: cisco, model: spa508g, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: spa502g, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: spa500ds, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: spa525g2, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: spa500s, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: spa514g, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: spa501g, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: spa525g, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: spa509g, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: spa525, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: spa504g, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: spa512g, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: small business spa500 series ip phones, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2023-61392 // NVD: CVE-2023-20181

CVSS

SEVERITY

nvd@nist.gov: CVE-2023-20181
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20181
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2023-61392
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202307-1761
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2023-61392
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2023-20181
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2023-61392 // CNNVD: CNNVD-202307-1761 // NVD: CVE-2023-20181 // NVD: CVE-2023-20181

PROBLEMTYPE DATA

problemtype: CWE-80

Trust: 1.0

problemtype: CWE-79

Trust: 1.0

sources: NVD: CVE-2023-20181

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202307-1761

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202307-1761

PATCH

title: Patch for Cisco Small Business SPA500 Series IP Phones Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/449296

Trust: 0.6

title: Cisco Small Business SPA500 Series IP Phones Fixes for cross-site scripting vulnerabilities, url: http://123.124.177.30/web/xxk/bdxqById.tag?id=246929

Trust: 0.6

title: Cisco: Cisco Small Business SPA500 Series IP Phones Web UI Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-spa-web-multi-7kvPmu2F

Trust: 0.1

sources: CNVD: CNVD-2023-61392 // VULMON: CVE-2023-20181 // CNNVD: CNNVD-202307-1761

EXTERNAL IDS

db: NVD, id: CVE-2023-20181

Trust: 2.3

db: CNVD, id: CNVD-2023-61392

Trust: 0.6

db: AUSCERT, id: ESB-2023.4103

Trust: 0.6

db: CNNVD, id: CNNVD-202307-1761

Trust: 0.6

db: VULMON, id: CVE-2023-20181

Trust: 0.1

sources: CNVD: CNVD-2023-61392 // VULMON: CVE-2023-20181 // CNNVD: CNNVD-202307-1761 // NVD: CVE-2023-20181

REFERENCES

url: https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-spa-web-multi-7kvpmu2f

Trust: 1.7

url: https://www.auscert.org.au/bulletins/esb-2023.4103

Trust: 0.6

sources: CNVD: CNVD-2023-61392 // VULMON: CVE-2023-20181 // CNNVD: CNNVD-202307-1761 // NVD: CVE-2023-20181

SOURCES

db: CNVD, id: CNVD-2023-61392
db: VULMON, id: CVE-2023-20181
db: CNNVD, id: CNNVD-202307-1761
db: NVD, id: CVE-2023-20181

LAST UPDATE DATE

2024-08-14T15:15:54.949000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2023-61392, date: 2023-08-07T00:00:00
db: CNNVD, id: CNNVD-202307-1761, date: 2023-07-24T00:00:00
db: NVD, id: CVE-2023-20181, date: 2024-01-25T17:15:32.997

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2023-61392, date: 2023-08-07T00:00:00
db: CNNVD, id: CNNVD-202307-1761, date: 2023-07-20T00:00:00
db: NVD, id: CVE-2023-20181, date: 2023-08-03T22:15:10.737