CVE-2023-20078
03.03.2023, 16:15
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.Enginsight
| Vendor | Product | Version |
|---|---|---|
| cisco | ip_phone_6871_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_6861_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_6851_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_6841_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_6825_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_7861_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_7841_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_7832_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_7821_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_7811_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_8865_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_8861_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_8851_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_8845_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_8841_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_8832_firmware | 𝑥 < 11.3.7sr1 |
| cisco | ip_phone_8811_firmware | 𝑥 < 11.3.7sr1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.