CVE-2025-20158 — Sensitive Information Exposure in Cisco Desk Phone 9841 Firmware

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.4MEDIUMNVD

EPSS

0.0%

top 88.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Desk Phone 9841 Firmware Cisco Desk Phone 9851 Firmware Cisco Desk Phone 9861 Firmware +3 more

Timeline

PublishedFeb 19

Description

A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default. This vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages6 packages

▶NVDcisco/video_phone_8875_firmware< 3.3\(1\)

▶NVDcisco/desk_phone_9841_firmware< 3.3\(1\)

▶NVDcisco/desk_phone_9851_firmware< 3.3\(1\)

▶NVDcisco/desk_phone_9861_firmware< 3.3\(1\)

▶NVDcisco/desk_phone_9871_firmware< 3.3\(1\)

🔴Vulnerability Details

GHSA

GHSA-fppv-gxpq-7mg9: A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access s↗2025-02-19

▶

CVEList

Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability↗2025-02-19

▶

📋Vendor Advisories

Cisco

Cisco Video Phone 8875 and Desk Phone 9800 Series Information Disclosure Vulnerability↗2025-02-19

▶