CVE-2023-20018 — HIGH (8.6)

Q: How severe is CVE-2023-20018?

CVE-2023-20018 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-20018?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Phone 7800 Firmware, Cisco Ip Phone 7800, Cisco Ip Phone 7811 Firmware, Cisco Ip Phone 7811, Cisco Ip Phone 7821 Firmware.

Vulnerability Description

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.

CVSS Score

8.6

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

HIGH

Affected Products

Vendor	Product	Versions
Cisco	Ip Phone 7800 Firmware	< 14.1\(1\)sr2
Cisco	Ip Phone 7800	-
Cisco	Ip Phone 7811 Firmware	< 14.1\(1\)sr2
Cisco	Ip Phone 7811	-
Cisco	Ip Phone 7821 Firmware	< 14.1\(1\)sr2
Cisco	Ip Phone 7821	-
Cisco	Ip Phone 7832 Firmware	< 14.1\(1\)sr2
Cisco	Ip Phone 7832	-
Cisco	Ip Phone 7841 Firmware	< 14.1\(1\)sr2
Cisco	Ip Phone 7841	-
Cisco	Ip Phone 7861 Firmware	< 14.1\(1\)sr2
Cisco	Ip Phone 7861	-
Cisco	Ip Phone 8800 Firmware	< 14.1\(1\)sr2
Cisco	Ip Phone 8800	-
Cisco	Ip Phone 8811 Firmware	< 14.1\(1\)sr2
Cisco	Ip Phone 8811	-
Cisco	Ip Phone 8821 Firmware	< 14.1\(1\)sr2
Cisco	Ip Phone 8821	-
Cisco	Ip Phone 8821-Ex Firmware	< 14.1\(1\)sr2
Cisco	Ip Phone 8821-Ex	-

Related Weaknesses (CWE)

CWE-863 CWE-288

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory

FAQ

What is CVE-2023-20018?

CVE-2023-20018 is a vulnerability with a CVSS score of 8.6 (HIGH). A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. T...

How severe is CVE-2023-20018?

CVE-2023-20018 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20018?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Phone 7800 Firmware, Cisco Ip Phone 7800, Cisco Ip Phone 7811 Firmware, Cisco Ip Phone 7811, Cisco Ip Phone 7821 Firmware.