Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-20018

Published: 20/01/2023 Updated: 25/01/2024
CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Cisco

Vulnerability Summary

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote malicious user to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the malicious user to access certain parts of the web interface that would normally require authentication.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco ip_phone_7800_firmware

cisco ip_phone_7811_firmware

cisco ip_phone_7821_firmware

cisco ip_phone_7832_firmware

cisco ip_phone_7841_firmware

cisco ip_phone_7861_firmware

cisco ip_phone_8800_firmware

cisco ip_phone_8811_firmware

cisco ip_phone_8821_firmware

cisco ip_phone_8821-ex_firmware

cisco ip_phone_8831_firmware

cisco ip_phone_8832_firmware

cisco ip_phone_8841_firmware

cisco ip_phone_8845_firmware

cisco ip_phone_8851_firmware

cisco ip_phone_8861_firmware

cisco ip_phone_8865_firmware

cisco ip_phones_8832_firmware

cisco unified_ip_phone_8851nr_firmware

cisco unified_ip_phone_8865nr_firmware

cisco wireless_ip_phone_8821_firmware

cisco wireless_ip_phone_8821-ex_firmware

Vendor Advisories

Cisco: Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device This vulnerability is due to insufficient validation of user-supplied input An attacker could exploit this vulnerability by sending a crafted request to ...

References

CWE-863https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPRhttps://nvd.nist.govhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook