5
CVSSv2

CVE-2020-3360

Published: 18/06/2020 Updated: 24/06/2020
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote malicious user to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the malicious user to bypass access restrictions. A successful attack could allow the malicious user to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco unified_ip_phone_6901_firmware

cisco unified_ip_phone_6961_firmware

cisco unified_ip_phone_6945_firmware

cisco unified_ip_phone_6941_firmware

cisco unified_ip_phone_6921_firmware

cisco unified_ip_phone_6911_firmware

cisco unified_ip_phone_7832_firmware

cisco unified_ip_phone_7861_firmware

cisco unified_ip_phone_7841_firmware

cisco unified_ip_phone_7821_firmware

cisco unified_ip_phone_7811_firmware

cisco unified_ip_phone_7937g_firmware

cisco unified_ip_phone_7975g_firmware

cisco unified_ip_phone_7965g_firmware

cisco unified_ip_phone_7962g_firmware

cisco unified_ip_phone_7961g_firmware

cisco unified_ip_phone_7960g_firmware

cisco unified_ip_phone_7945g_firmware

cisco unified_ip_phone_7942g_firmware

cisco unified_ip_phone_7941g_firmware

cisco unified_ip_phone_7940g_firmware

cisco unified_ip_phone_7931g_firmware

cisco unified_ip_phone_7911g_firmware

cisco unified_ip_phone_7906g_firmware

cisco unified_ip_phone_8811_firmware

cisco unified_ip_phone_8841_firmware

cisco unified_ip_phone_8845_firmware

cisco unified_ip_phone_8851_firmware

cisco unified_ip_phone_8851nr_firmware

cisco unified_ip_phone_8861_firmware

cisco unified_ip_phone_8865_firmware

cisco unified_ip_phone_8865nr_firmware

cisco unified_ip_phone_8961_firmware

cisco unified_ip_phone_8945_firmware

cisco unified_ip_phone_8941_firmware

cisco unified_ip_phone_9971_firmware

cisco unified_ip_phone_9951_firmware

Vendor Advisories

A vulnerability in the Web Access feature of Cisco IP Phones could allow an unauthenticated, remote attacker to view sensitive information on an affected device The vulnerability is due to improper access controls on the web-based management interface of an affected device An attacker could exploit this vulnerability by sending malicious requests ...