Sign-up

ID

VAR-202303-0475


CVE

CVE-2023-20078


TITLE

Out-of-bounds write vulnerability in multiple Cisco Systems products

Trust: 0.8

sources: JVNDB: JVNDB-2023-003782

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. IP Phone 6871 firmware, IP Phone 6861 firmware, IP Phone 6851 Multiple Cisco Systems products, including firmware, contain out-of-bounds write vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-20078 // JVNDB: JVNDB-2023-003782 // VULMON: CVE-2023-20078

AFFECTED PRODUCTS

vendor:ciscomodel:ip phone 8811scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 7832scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 6871scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 7861scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 6861scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 7821scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8841scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8845scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8832scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8865scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8851scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 6825scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 6841scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 6851scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8861scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 7841scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:ciscomodel:ip phone 7811scope:ltversion:11.3.7sr1

Trust: 1.0

vendor:シスコシステムズmodel:ip phone 8811scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 6851scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7832scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 6861scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8841scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8851scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8845scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7841scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8861scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8832scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7811scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7821scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 8865scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 6841scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 6871scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 6825scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ip phone 7861scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-003782 // NVD: CVE-2023-20078

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-20078
value: CRITICAL

Trust: 1.8

ykramarz@cisco.com: CVE-2023-20078
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202303-214
value: CRITICAL

Trust: 0.6

NVD:
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-20078
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-003782 // NVD: CVE-2023-20078 // NVD: CVE-2023-20078 // CNNVD: CNNVD-202303-214

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds writing (CWE-787) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-003782 // NVD: CVE-2023-20078

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202303-214

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202303-214

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2023-20078

PATCH
title:cisco-sa-ip-phone-cmd-inj-KMFynVcPurl:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ip-phone-cmd-inj-kmfynvcp
Trust: 0.8
title:Cisco IP Phone Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228519
Trust: 0.6
title:Cisco: Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ip-phone-cmd-inj-kmfynvcp
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20078 // 
            
            
            
            JVNDB: JVNDB-2023-003782 // 
            
            
            
            CNNVD: CNNVD-202303-214

EXTERNAL IDS
db:NVDid:CVE-2023-20078
Trust: 3.3
db:JVNDBid:JVNDB-2023-003782
Trust: 0.8
db:AUSCERTid:ESB-2023.1306.3
Trust: 0.6
db:CNNVDid:CNNVD-202303-214
Trust: 0.6
db:VULMONid:CVE-2023-20078
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20078 // 
            
            
            
            JVNDB: JVNDB-2023-003782 // 
            
            
            
            NVD: CVE-2023-20078 // 
            
            
            
            CNNVD: CNNVD-202303-214

REFERENCES
url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ip-phone-cmd-inj-kmfynvcp
Trust: 1.8
url:https://nvd.nist.gov/vuln/detail/cve-2023-20078
Trust: 1.4
url:https://www.auscert.org.au/bulletins/esb-2023.1306.3
Trust: 0.6
url:https://cxsecurity.com/cveshow/cve-2023-20078/
Trust: 0.6
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2023-20078 // 
            
            
            
            JVNDB: JVNDB-2023-003782 // 
            
            
            
            NVD: CVE-2023-20078 // 
            
            
            
            CNNVD: CNNVD-202303-214

SOURCES
db:VULMONid:CVE-2023-20078
db:JVNDBid:JVNDB-2023-003782
db:NVDid:CVE-2023-20078
db:CNNVDid:CNNVD-202303-214

LAST UPDATE DATE
2023-12-18T13:06:11.545000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2023-20078date:2023-03-03T00:00:00
db:JVNDBid:JVNDB-2023-003782date:2023-10-05T07:15:00
db:NVDid:CVE-2023-20078date:2023-11-07T04:05:58.303
db:CNNVDid:CNNVD-202303-214date:2023-03-14T00:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2023-20078date:2023-03-03T00:00:00
db:JVNDBid:JVNDB-2023-003782date:2023-10-05T00:00:00
db:NVDid:CVE-2023-20078date:2023-03-03T16:15:10.277
db:CNNVDid:CNNVD-202303-214date:2023-03-03T00:00:00