CVE-2023-20078

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ip_phone_6871_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:ip_phone_6851_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:cisco:ip_phone_6841_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:cisco:ip_phone_6825_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_6825:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:cisco:ip_phone_7832_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_7832:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8832_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8832:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*

History

10 Mar 2023, 14:51

Type	Values Removed	Values Added
CPE		cpe:2.3:h:cisco:ip_phone_6851:-:::::::* cpe:2.3:h:cisco:ip_phone_7841:-:::::::* cpe:2.3:o:cisco:ip_phone_7832_firmware:::::::: cpe:2.3:h:cisco:ip_phone_8861:-:::::::* cpe:2.3:h:cisco:ip_phone_7832:-:::::::* cpe:2.3:h:cisco:ip_phone_8865:-:::::::* cpe:2.3:h:cisco:ip_phone_6871:-:::::::* cpe:2.3:h:cisco:ip_phone_7811:-:::::::* cpe:2.3:h:cisco:ip_phone_8851:-:::::::* cpe:2.3:o:cisco:ip_phone_8865_firmware:::::::: cpe:2.3:o:cisco:ip_phone_6825_firmware:::::::: cpe:2.3:h:cisco:ip_phone_8832:-:::::::* cpe:2.3:o:cisco:ip_phone_6871_firmware:::::::: cpe:2.3:o:cisco:ip_phone_6851_firmware:::::::: cpe:2.3:o:cisco:ip_phone_8832_firmware:::::::: cpe:2.3:o:cisco:ip_phone_6841_firmware:::::::: cpe:2.3:h:cisco:ip_phone_7821:-:::::::* cpe:2.3:h:cisco:ip_phone_8845:-:::::::* cpe:2.3:h:cisco:ip_phone_6841:-:::::::* cpe:2.3:h:cisco:ip_phone_8811:-:::::::* cpe:2.3:h:cisco:ip_phone_6825:-:::::::* cpe:2.3:o:cisco:ip_phone_7821_firmware:::::::: cpe:2.3:o:cisco:ip_phone_6861_firmware:::::::: cpe:2.3:o:cisco:ip_phone_8811_firmware:::::::: cpe:2.3:o:cisco:ip_phone_8851_firmware:::::::: cpe:2.3:h:cisco:ip_phone_6861:-:::::::* cpe:2.3:o:cisco:ip_phone_8845_firmware:::::::: cpe:2.3:h:cisco:ip_phone_7861:-:::::::* cpe:2.3:o:cisco:ip_phone_7841_firmware:::::::: cpe:2.3:o:cisco:ip_phone_7861_firmware:::::::: cpe:2.3:o:cisco:ip_phone_8841_firmware:::::::: cpe:2.3:h:cisco:ip_phone_8841:-:::::::* cpe:2.3:o:cisco:ip_phone_7811_firmware:::::::: cpe:2.3:o:cisco:ip_phone_8861_firmware::::::::
CWE		CWE-787
References	~~(CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP -~~	(CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8

03 Mar 2023, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-03-03 16:15

Updated : 2024-02-04 23:14

NVD link : CVE-2023-20078

Mitre link : CVE-2023-20078

CVE.ORG link : CVE-2023-20078

JSON object : View

Products Affected

cisco

ip_phone_6861_firmware
ip_phone_8851
ip_phone_7821_firmware
ip_phone_7832
ip_phone_6851
ip_phone_8845_firmware
ip_phone_6861
ip_phone_7811_firmware
ip_phone_8865
ip_phone_8861
ip_phone_8845
ip_phone_6825
ip_phone_7861
ip_phone_8861_firmware
ip_phone_8832_firmware
ip_phone_8865_firmware
ip_phone_7841
ip_phone_6871_firmware
ip_phone_8811
ip_phone_7861_firmware
ip_phone_7841_firmware
ip_phone_8832
ip_phone_7811
ip_phone_7832_firmware
ip_phone_6851_firmware
ip_phone_6841_firmware
ip_phone_6825_firmware
ip_phone_8851_firmware
ip_phone_6841
ip_phone_8811_firmware
ip_phone_6871
ip_phone_8841_firmware
ip_phone_7821
ip_phone_8841

CWE

CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow

9.8 /10