ID

VAR-202301-0952


CVE

CVE-2023-20018


TITLE

Fraudulent Authentication Vulnerability in Cisco IP Phone 7800 and 8800 Series

Trust: 0.8

sources: JVNDB: JVNDB-2023-002345

DESCRIPTION

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.

Trust: 1.71

sources: NVD: CVE-2023-20018 // JVNDB: JVNDB-2023-002345 // VULMON: CVE-2023-20018

AFFECTED PRODUCTS

vendor: cisco, model: ip phone 7811, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 8851, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 8845, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 7861, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 8811, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 8821-ex, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: wireless ip phone 8821, scope: lt, version: 11.0(6)sr4

Trust: 1.0

vendor: cisco, model: unified ip phone 8865nr, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 7841, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: unified ip phone 8851nr, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 7821, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 8841, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 8865, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 8861, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 8800, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phones 8832, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 7800, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 8821, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 8832, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: ip phone 7832, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: cisco, model: wireless ip phone 8821-ex, scope: lt, version: 11.0(6)sr4

Trust: 1.0

vendor: cisco, model: ip phone 8831, scope: lt, version: 14.1(1)sr2

Trust: 1.0

vendor: Cisco Systems, model: ip phone 7821, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: ip phone 7841, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: ip phone 8811, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: ip phone 7811, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: ip phone 8821-ex, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: ip phone 7832, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: ip phone 8800, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: ip phone 8821, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: ip phone 7861, scope: -, version: -

Trust: 0.8

vendor: Cisco Systems, model: cisco ip phone 7800 series, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-002345 // NVD: CVE-2023-20018

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-20018
value: MEDIUM

Trust: 1.8

ykramarz@cisco.com: CVE-2023-20018
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202301-1004
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

ykramarz@cisco.com:
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 4.7
version: 3.1

Trust: 1.0

NVD: CVE-2023-20018
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-002345 // CNNVD: CNNVD-202301-1004 // NVD: CVE-2023-20018 // NVD: CVE-2023-20018

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.0

problemtype: Illegal authentication (CWE-863) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-002345 // NVD: CVE-2023-20018

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202301-1004

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202301-1004

CONFIGURATIONS

sources: NVD: CVE-2023-20018

PATCH

title: cisco-sa-ip-phone-auth-bypass-pSqxZRPR
url: https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ip-phone-auth-bypass-psqxzrpr

Trust: 0.8

title: Cisco: Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ip-phone-auth-bypass-psqxzrpr

Trust: 0.1

sources: VULMON: CVE-2023-20018 // JVNDB: JVNDB-2023-002345

EXTERNAL IDS

db: NVD, id: CVE-2023-20018

Trust: 3.3

db: JVNDB, id: JVNDB-2023-002345

Trust: 0.8

db: AUSCERT, id: ESB-2023.0179

Trust: 0.6

db: CNNVD, id: CNNVD-202301-1004

Trust: 0.6

db: VULMON, id: CVE-2023-20018

Trust: 0.1

sources: VULMON: CVE-2023-20018 // JVNDB: JVNDB-2023-002345 // CNNVD: CNNVD-202301-1004 // NVD: CVE-2023-20018

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ip-phone-auth-bypass-psqxzrpr

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-20018

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.0179

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-20018/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-20018 // JVNDB: JVNDB-2023-002345 // CNNVD: CNNVD-202301-1004 // NVD: CVE-2023-20018

SOURCES

db: VULMON, id: CVE-2023-20018
db: JVNDB, id: JVNDB-2023-002345
db: CNNVD, id: CNNVD-202301-1004
db: NVD, id: CVE-2023-20018

LAST UPDATE DATE

2024-01-29T19:37:29.328000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-20018, date: 2023-01-20T00:00:00
db: JVNDB, id: JVNDB-2023-002345, date: 2023-07-05T07:48:00
db: CNNVD, id: CNNVD-202301-1004, date: 2023-02-02T00:00:00
db: NVD, id: CVE-2023-20018, date: 2024-01-25T17:15:25.060

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-20018, date: 2023-01-20T00:00:00
db: JVNDB, id: JVNDB-2023-002345, date: 2023-07-05T00:00:00
db: CNNVD, id: CNNVD-202301-1004, date: 2023-01-12T00:00:00
db: NVD, id: CVE-2023-20018, date: 2023-01-20T07:15:13.633