CVE-2023-20078

CVSS V2 None CVSS V3 None

Description

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.

Overview

CVE ID
CVE-2023-20078

Assigner
ykramarz@cisco.com

Vulnerability Status
Analyzed

Published Version
2023-03-03T16:15:10

Last Modified Date
2023-03-10T14:51:24

Weakness Enumerations

CWE	URL
CWE-787	http://cwe.mitre.org/data/definitions/787.html
CWE-121	http://cwe.mitre.org/data/definitions/121.html

CPE Configuration (Product)

CPE	Vulnerable	Operator	Version End
		AND
cpe:2.3:o:cisco:ip_phone_6871_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_6871:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_6861_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_6861:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_6851_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_6851:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_6841_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_6841:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_6825_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_6825:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_7861_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_7861:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_7841_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_7841:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_7832_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_7832:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_7821_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_7821:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_7811_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_7811:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_8865_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_8865:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_8861_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_8861:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_8851_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_8851:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_8845_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_8845:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_8841_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_8841:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_8832_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_8832:-:::::::*	0	OR
		AND
cpe:2.3:o:cisco:ip_phone_8811_firmware::::::::	1	OR	11.3.7sr1
cpe:2.3:h:cisco:ip_phone_8811:-:::::::*	0	OR

References

Reference URL	Reference Tags
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP	Vendor Advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-20078
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20078

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 05:54:04				Added to TrackCVE
2023-04-17 05:54:07			Weakness Enumeration	new