Details of VAR-202509-1174

ID

VAR-202509-1174

CVE

CVE-2025-20336

DESCRIPTION

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device. Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.

Trust: 1.0

sources: NVD: CVE-2025-20336

AFFECTED PRODUCTS

vendor:	cisco	model:	ip phone 8851	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	video phone 8875	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9841	scope:	lt	version:	3.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8861	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7841	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8865	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7861	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9851	scope:	lt	version:	3.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9841	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8821	scope:	eq	version:	11.0\(6\)	Trust: 1.0
vendor:	cisco	model:	video phone 8875	scope:	eq	version:	2.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8841	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8845	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	video phone 8875	scope:	lt	version:	2.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9851	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9861	scope:	lt	version:	3.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8851nr	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9871	scope:	lt	version:	3.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7811	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8851	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9861	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8861	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8811	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7861	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	video phone 8875	scope:	lt	version:	3.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8821	scope:	lt	version:	11.0\(6\)	Trust: 1.0
vendor:	cisco	model:	desk phone 9871	scope:	gte	version:	3.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8841	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7841	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8851nr	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8865	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7811	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7821	scope:	eq	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8811	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 7821	scope:	lt	version:	14.3\(1\)	Trust: 1.0
vendor:	cisco	model:	ip phone 8845	scope:	eq	version:	14.3\(1\)	Trust: 1.0

sources: NVD: CVE-2025-20336

CVSS

SEVERITY

CVSSV2

CVSSV3

psirt@cisco.com:	CVE-2025-20336
value:	MEDIUM
Trust: 1.0
nvd@nist.gov:	CVE-2025-20336
value:	HIGH
Trust: 1.0

psirt@cisco.com:	CVE-2025-20336
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2025-20336
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: NVD: CVE-2025-20336 // NVD: CVE-2025-20336

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.0

sources: NVD: CVE-2025-20336

EXTERNAL IDS

db:

NVD

id:

CVE-2025-20336

Trust: 1.0

sources: NVD: CVE-2025-20336

REFERENCES

url:

https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-phone-write-g3kcc5df

Trust: 1.0

sources: NVD: CVE-2025-20336

SOURCES

db:

NVD

id:

CVE-2025-20336

LAST UPDATE DATE

2026-01-14T23:52:14.007000+00:00

SOURCES UPDATE DATE

db:

NVD

id:

CVE-2025-20336

date:

2026-01-05T14:49:30.253

SOURCES RELEASE DATE

db:

NVD

id:

CVE-2025-20336

date:

2025-09-03T18:15:34.637