CVE-2020-3360 — Sensitive Information Exposure in Cisco Unified IP Phone 6901 Firmware

CWE-200 — Sensitive Information Exposure CWE-863 — Incorrect Authorization4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.4%

top 41.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified IP Phone 6901 Firmware Cisco Unified IP Phone 6911 Firmware Cisco Unified IP Phone 6921 Firmware +35 more

Timeline

PublishedJun 18

Latest updateMay 24

Description

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages38 packages

▶CVEListV5cisco/cisco_ip_phone_8800_series_softwaren/a

▶NVDcisco/unified_ip_phone_6901_firmware12.8\(1\)

▶NVDcisco/unified_ip_phone_6911_firmware12.8\(1\)

▶NVDcisco/unified_ip_phone_6921_firmware12.8\(1\)

▶NVDcisco/unified_ip_phone_6941_firmware12.8\(1\)

🔴Vulnerability Details

GHSA

GHSA-j6rq-w94j-r7m5: A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensi↗2022-05-24

▶

CVEList

Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability↗2020-06-18

▶

📋Vendor Advisories

Cisco

Cisco IP Phones Call Log Information Disclosure Vulnerability↗2020-06-17

▶