ID

VAR-202303-0475


CVE

CVE-2023-20078


TITLE

Cisco IP Phone Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202303-214

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

Trust: 0.99

sources: NVD: CVE-2023-20078 // VULMON: CVE-2023-20078

AFFECTED PRODUCTS

vendor: cisco, model: ip phone 8811, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 6841, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 6861, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 6871, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 7832, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 7821, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 7841, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 6825, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 8851, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 7811, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 8861, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 8832, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 8841, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 6851, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 8865, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 7861, scope: lt, version: 11.3.7sr1

Trust: 1.0

vendor: cisco, model: ip phone 8845, scope: lt, version: 11.3.7sr1

Trust: 1.0

sources: NVD: CVE-2023-20078

CVSS

SEVERITY

NVD: CVE-2023-20078
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202303-214
value: CRITICAL

Trust: 0.6

CVSSV2

CVSSV3

NVD: CVE-2023-20078
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202303-214 // NVD: CVE-2023-20078

PROBLEMTYPE DATA

problemtype: CWE-787

Trust: 1.0

sources: NVD: CVE-2023-20078

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202303-214

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202303-214

CONFIGURATIONS

sources: NVD: CVE-2023-20078

PATCH

title: Cisco IP Phone Buffer error vulnerability fix
url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=228519

Trust: 0.6

title: Cisco: Cisco IP Phone 6800, 7800, 7900, and 8800 Series Web UI Vulnerabilities
url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-ip-phone-cmd-inj-kmfynvcp

Trust: 0.1

sources: VULMON: CVE-2023-20078 // CNNVD: CNNVD-202303-214

EXTERNAL IDS

db: NVD, id: CVE-2023-20078

Trust: 1.7

db: AUSCERT, id: ESB-2023.1306.3

Trust: 0.6

db: CNNVD, id: CNNVD-202303-214

Trust: 0.6

db: VULMON, id: CVE-2023-20078

Trust: 0.1

sources: VULMON: CVE-2023-20078 // CNNVD: CNNVD-202303-214 // NVD: CVE-2023-20078

REFERENCES

url: https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-ip-phone-cmd-inj-kmfynvcp

Trust: 1.8

url: https://nvd.nist.gov/vuln/detail/cve-2023-20078

Trust: 0.6

url: https://www.auscert.org.au/bulletins/esb-2023.1306.3

Trust: 0.6

url: https://cxsecurity.com/cveshow/cve-2023-20078/

Trust: 0.6

url: https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-20078 // CNNVD: CNNVD-202303-214 // NVD: CVE-2023-20078

SOURCES

db: VULMON, id: CVE-2023-20078
db: CNNVD, id: CNNVD-202303-214
db: NVD, id: CVE-2023-20078

LAST UPDATE DATE

2023-03-15T22:26:50.152000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2023-20078, date: 2023-03-03T00:00:00
db: CNNVD, id: CNNVD-202303-214, date: 2023-03-14T00:00:00
db: NVD, id: CVE-2023-20078, date: 2023-03-10T14:51:00

SOURCES RELEASE DATE

db: VULMON, id: CVE-2023-20078, date: 2023-03-03T00:00:00
db: CNNVD, id: CNNVD-202303-214, date: 2023-03-03T00:00:00
db: NVD, id: CVE-2023-20078, date: 2023-03-03T16:15:00