Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
References
Link | Resource |
---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
Configuration 12 (hide)
AND |
|
Configuration 13 (hide)
AND |
|
Configuration 14 (hide)
AND |
|
Configuration 15 (hide)
AND |
|
Configuration 16 (hide)
AND |
|
Configuration 17 (hide)
AND |
|
History
10 Mar 2023, 14:51
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
References | (CISCO) https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_7832_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_7832:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_6825_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_8832:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_6871_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_6851_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_8832_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_6841_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_6825:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:* |
03 Mar 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-03 16:15
Updated : 2024-02-04 23:14
NVD link : CVE-2023-20078
Mitre link : CVE-2023-20078
CVE.ORG link : CVE-2023-20078
JSON object : View
Products Affected
cisco
- ip_phone_6841
- ip_phone_7821_firmware
- ip_phone_7811
- ip_phone_7861_firmware
- ip_phone_7841_firmware
- ip_phone_8811_firmware
- ip_phone_6871
- ip_phone_6841_firmware
- ip_phone_6861_firmware
- ip_phone_6825_firmware
- ip_phone_8865
- ip_phone_8845
- ip_phone_7861
- ip_phone_7841
- ip_phone_6825
- ip_phone_8841
- ip_phone_6871_firmware
- ip_phone_7832
- ip_phone_8851
- ip_phone_8841_firmware
- ip_phone_8861_firmware
- ip_phone_6861
- ip_phone_6851
- ip_phone_6851_firmware
- ip_phone_8861
- ip_phone_8851_firmware
- ip_phone_8811
- ip_phone_8845_firmware
- ip_phone_7811_firmware
- ip_phone_7821
- ip_phone_8865_firmware
- ip_phone_8832_firmware
- ip_phone_8832
- ip_phone_7832_firmware