ID

VAR-202303-0357


CVE

CVE-2023-20079


TITLE

Cisco IP Phone Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202303-216

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

Trust: 0.99

sources: NVD: CVE-2023-20079 // VULMON: CVE-2023-20079

AFFECTED PRODUCTS

vendor: cisco, model: ip phone 8811, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 6841, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 6861, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 6871, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 7832, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 8831, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 7821, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 7841, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 8851, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 7811, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 8861, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: unified ip phone 7975g, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 8865, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 6825, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 8832, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: unified ip phone 7965g, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 8841, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 6851, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 7861, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: unified ip phone 7945g, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 8845, scope: lt, version: 11.3.7sr1

Trust: 1.0

sources: NVD: CVE-2023-20079

CVSS

SEVERITY

NVD: CVE-2023-20079
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202303-216
value: HIGH

Trust: 0.6

CVSSV2

CVSSV3

NVD: CVE-2023-20079
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202303-216 // NVD: CVE-2023-20079

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

sources: NVD: CVE-2023-20079

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202303-216

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202303-216

CONFIGURATIONS

sources: NVD: CVE-2023-20079

PATCH

title: Cisco IP Phone Buffer error vulnerability fix
url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228521

Trust: 0.6

title: Cisco: Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ip-phone-cmd-inj-kmfynvcp

Trust: 0.1

sources: VULMON: CVE-2023-20079 // CNNVD: CNNVD-202303-216

EXTERNAL IDS

db: NVD, id: CVE-2023-20079

Trust: 1.7

db: AUSCERT, id: ESB-2023.1306.3

Trust: 0.6

db: CNNVD, id: CNNVD-202303-216

Trust: 0.6

db: VULMON, id: CVE-2023-20079

Trust: 0.1

sources: VULMON: CVE-2023-20079 // CNNVD: CNNVD-202303-216 // NVD: CVE-2023-20079

REFERENCES

url: https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ip-phone-cmd-inj-kmfynvcp

Trust: 1.8

url: https://www.auscert.org.au/bulletins/esb-2023.1306.3

Trust: 0.6

url: https://nvd.nist.gov/vuln/detail/cve-2023-20079

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2023-20079/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-20079 // CNNVD: CNNVD-202303-216 // NVD: CVE-2023-20079

SOURCES

db: VULMON, id: CVE-2023-20079
db: CNNVD, id: CNNVD-202303-216
db: NVD, id: CVE-2023-20079

LAST UPDATE DATE

2023-03-15T22:26:50.176000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-20079, date: 2023-03-03T00:00:00
db: CNNVD, id: CNNVD-202303-216, date: 2023-03-14T00:00:00
db: NVD, id: CVE-2023-20079, date: 2023-03-10T14:04:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-20079, date: 2023-03-03T00:00:00
db: CNNVD, id: CNNVD-202303-216, date: 2023-03-03T00:00:00
db: NVD, id: CVE-2023-20079, date: 2023-03-03T16:15:00