CVE-2020-3360

18.06.2020, 03:15

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cisco	CNA	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 57%

Vendor	Product	Version
cisco	unified_ip_phone_6901_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_6961_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_6945_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_6941_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_6921_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_6911_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7832_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7861_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7841_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7821_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7811_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7937g_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7975g_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7965g_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7962g_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7961g_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7960g_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7945g_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7942g_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7941g_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7940g_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7931g_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7911g_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_7906g_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_8811_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_8841_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_8845_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_8851_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_8851nr_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_8861_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_8865_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_8865nr_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_8961_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_8945_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_8941_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_9971_firmware	𝑥 ≤ 12.8\(1\)
cisco	unified_ip_phone_9951_firmware	𝑥 ≤ 12.8\(1\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM