Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3360

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.

Published

2020-06-18T03:15:14.403

Last Modified

2024-11-21T05:30:52.567

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-200
Type: Primary
CWE-863

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	unified_ip_phone_6901_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_6901	-	No
Operating System	cisco	unified_ip_phone_6961_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_6961	-	No
Operating System	cisco	unified_ip_phone_6945_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_6945	-	No
Operating System	cisco	unified_ip_phone_6941_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_6941	-	No
Operating System	cisco	unified_ip_phone_6921_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_6921	-	No
Operating System	cisco	unified_ip_phone_6911_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_6911	-	No
Operating System	cisco	unified_ip_phone_7832_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7832	-	No
Operating System	cisco	unified_ip_phone_7861_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7861	-	No
Operating System	cisco	unified_ip_phone_7841_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7841	-	No
Operating System	cisco	unified_ip_phone_7821_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7821	-	No
Operating System	cisco	unified_ip_phone_7811_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7811	-	No
Operating System	cisco	unified_ip_phone_7937g_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7937g	-	No
Operating System	cisco	unified_ip_phone_7975g_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7975g	-	No
Operating System	cisco	unified_ip_phone_7965g_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7965g	-	No
Operating System	cisco	unified_ip_phone_7962g_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7962g	-	No
Operating System	cisco	unified_ip_phone_7961g_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7961g	-	No
Operating System	cisco	unified_ip_phone_7960g_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7960g	-	No
Operating System	cisco	unified_ip_phone_7945g_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7945g	-	No
Operating System	cisco	unified_ip_phone_7942g_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7942g	-	No
Operating System	cisco	unified_ip_phone_7941g_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7941g	-	No
Operating System	cisco	unified_ip_phone_7940g_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7940g	-	No
Operating System	cisco	unified_ip_phone_7931g_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7931g	-	No
Operating System	cisco	unified_ip_phone_7911g_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7911g	-	No
Operating System	cisco	unified_ip_phone_7906g_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_7906g	-	No
Operating System	cisco	unified_ip_phone_8811_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_8811	-	No
Operating System	cisco	unified_ip_phone_8841_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_8841	-	No
Operating System	cisco	unified_ip_phone_8845_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_8845	-	No
Operating System	cisco	unified_ip_phone_8851_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_8851	-	No
Operating System	cisco	unified_ip_phone_8851nr_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_8851nr	-	No
Operating System	cisco	unified_ip_phone_8861_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_8861	-	No
Operating System	cisco	unified_ip_phone_8865_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_8865	-	No
Operating System	cisco	unified_ip_phone_8865nr_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_8865nr	-	No
Operating System	cisco	unified_ip_phone_8961_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_8961	-	No
Operating System	cisco	unified_ip_phone_8945_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_8945	-	No
Operating System	cisco	unified_ip_phone_8941_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_8941	-	No
Operating System	cisco	unified_ip_phone_9971_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_9971	-	No
Operating System	cisco	unified_ip_phone_9951_firmware	≤ 12.8\(1\)	Yes
Hardware	cisco	unified_ip_phone_9951	-	No

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM Vendor Advisory ([email protected])
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)