Sign-up

ID

VAR-202303-0357


CVE

CVE-2023-20079


TITLE

Out-of-bounds write vulnerability in multiple Cisco Systems products

Trust: 0.8

sources: JVNDB: JVNDB-2023-003789

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. IP Phone 6871 firmware, IP Phone 6861 firmware, IP Phone 6851 Multiple Cisco Systems products, including firmware, contain out-of-bounds write vulnerabilities.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-20079 // JVNDB: JVNDB-2023-003789 // VULMON: CVE-2023-20079

AFFECTED PRODUCTS

vendor:ciscomodel:unified ip phone 7975gscope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8841scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 7861scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:unified ip phone 7945gscope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 6825scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 6841scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 6861scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 6851scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8861scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:unified ip phone 7965gscope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 7841scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 7811scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8811scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 7832scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 6871scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 7821scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8845scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8832scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8831scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8865scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8851scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:シスコシステムズmodel:ip phone 8861scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 6841scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 6851scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7811scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7821scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8811scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7832scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 6861scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 6825scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8845scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7841scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 6871scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco unified ip phone 7965gscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8831scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8851scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco unified ip phone 7945gscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8865scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8832scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7861scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8841scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-003789 // NVD: CVE-2023-20079

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-20079
value: HIGH

Trust: 1.8

ykramarz@cisco.com: CVE-2023-20079
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202303-216
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2023-20079
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-003789 // NVD: CVE-2023-20079 // NVD: CVE-2023-20079 // CNNVD: CNNVD-202303-216

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-003789 // NVD: CVE-2023-20079

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202303-216

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202303-216

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-20079

PATCH
title:cisco-sa-ip-phone-cmd-inj-KMFynVcPurl:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ip-phone-cmd-inj-kmfynvcp
Trust: 0.8
title:Cisco IP Phone Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228521
Trust: 0.6
title:Cisco: Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ip-phone-cmd-inj-kmfynvcp
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20079 // 
            
            
            
            JVNDB: JVNDB-2023-003789 // 
            
            
            
            CNNVD: CNNVD-202303-216

EXTERNAL IDS
db:NVDid:CVE-2023-20079
Trust: 3.3
db:JVNDBid:JVNDB-2023-003789
Trust: 0.8
db:AUSCERTid:ESB-2023.1306.3
Trust: 0.6
db:CNNVDid:CNNVD-202303-216
Trust: 0.6
db:VULMONid:CVE-2023-20079
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20079 // 
            
            
            
            JVNDB: JVNDB-2023-003789 // 
            
            
            
            NVD: CVE-2023-20079 // 
            
            
            
            CNNVD: CNNVD-202303-216

REFERENCES
url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ip-phone-cmd-inj-kmfynvcp
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2023-20079
Trust: 1.4
url:https://www.auscert.org.au/bulletins/esb-2023.1306.3
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2023-20079/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20079 // 
            
            
            
            JVNDB: JVNDB-2023-003789 // 
            
            
            
            NVD: CVE-2023-20079 // 
            
            
            
            CNNVD: CNNVD-202303-216

SOURCES
db:VULMONid:CVE-2023-20079
db:JVNDBid:JVNDB-2023-003789
db:NVDid:CVE-2023-20079
db:CNNVDid:CNNVD-202303-216

LAST UPDATE DATE
2023-12-18T13:06:11.570000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-20079date:2023-03-03T00:00:00
db:JVNDBid:JVNDB-2023-003789date:2023-10-13T01:03:00
db:NVDid:CVE-2023-20079date:2023-11-07T04:05:58.637
db:CNNVDid:CNNVD-202303-216date:2023-03-14T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-20079date:2023-03-03T00:00:00
db:JVNDBid:JVNDB-2023-003789date:2023-10-13T00:00:00
db:NVDid:CVE-2023-20079date:2023-03-03T16:15:10.380
db:CNNVDid:CNNVD-202303-216date:2023-03-03T00:00:00