CVE-2023-20181
Published: 2023-08-03
Priority P429 · medium · 6.1 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.43% (34.2th percentile)
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
Affected
33 ranges · showing 25 (all listed rows are identical)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_small_business_ip_phones | — | — |
CVSS provenance
nvd · v3.1 · 6.1 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vendor_cisco · 6.1 · MEDIUM
Cisco
Cisco Small Business SPA500 Series IP Phones Web UI Vulnerabilities
vendor_cisco·2023-07-19·CVSS 6.1
CVE-2023-20181 [MEDIUM] CWE-80 Cisco Small Business SPA500 Series IP Phones Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) or HTML injection attacks.
For more information about these vulnerabilities, see the Details section of this advisory.
There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F
Cisco
vendor_cisco·CVSS 3.1
CVE-2023-20181: Cisco Small Business SPA500 Series IP Phones Web UI Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) or HTML injection attacks. For more information about these vulnerabilities, see the
CVSS: 3.1
CWE: CWE-80
Bug IDs: CSCwf04956, CSCwf82071
GHSA
GHSA-44cq-gv9f-h346: A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker
ghsa_unreviewed·2023-08-04
CVE-2023-20181 [MEDIUM] CWE-79 GHSA-44cq-gv9f-h346: A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-08-03