CVE-2020-3360 — MEDIUM (5.3)

Q: How severe is CVE-2020-3360?

CVE-2020-3360 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-3360?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Ip Phone 6901 Firmware, Cisco Unified Ip Phone 6901, Cisco Unified Ip Phone 6961 Firmware, Cisco Unified Ip Phone 6961, Cisco Unified Ip Phone 6945 Firmware.

Vulnerability Description

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Unified Ip Phone 6901 Firmware	<= 12.8\(1\)
Cisco	Unified Ip Phone 6901	-
Cisco	Unified Ip Phone 6961 Firmware	<= 12.8\(1\)
Cisco	Unified Ip Phone 6961	-
Cisco	Unified Ip Phone 6945 Firmware	<= 12.8\(1\)
Cisco	Unified Ip Phone 6945	-
Cisco	Unified Ip Phone 6941 Firmware	<= 12.8\(1\)
Cisco	Unified Ip Phone 6941	-
Cisco	Unified Ip Phone 6921 Firmware	<= 12.8\(1\)
Cisco	Unified Ip Phone 6921	-
Cisco	Unified Ip Phone 6911 Firmware	<= 12.8\(1\)
Cisco	Unified Ip Phone 6911	-
Cisco	Unified Ip Phone 7832 Firmware	<= 12.8\(1\)
Cisco	Unified Ip Phone 7832	-
Cisco	Unified Ip Phone 7861 Firmware	<= 12.8\(1\)
Cisco	Unified Ip Phone 7861	-
Cisco	Unified Ip Phone 7841 Firmware	<= 12.8\(1\)
Cisco	Unified Ip Phone 7841	-
Cisco	Unified Ip Phone 7821 Firmware	<= 12.8\(1\)
Cisco	Unified Ip Phone 7821	-

Related Weaknesses (CWE)

CWE-863 CWE-200

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pVendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pVendor Advisory

FAQ

What is CVE-2020-3360?

CVE-2020-3360 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulner...

How severe is CVE-2020-3360?

CVE-2020-3360 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3360?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Ip Phone 6901 Firmware, Cisco Unified Ip Phone 6901, Cisco Unified Ip Phone 6961 Firmware, Cisco Unified Ip Phone 6961, Cisco Unified Ip Phone 6945 Firmware.