VDB

CVE-2023-20018

CVE-2023-20018 PUBLISHED CVSS 8.600000381469727 HIGH

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.

EPSS 0.38% · 59.9th percentile

Risk Scores

CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
EPSS Score
0.38%
59.9th percentile

Affected Products

VendorProductVersions
ciscoip_phone_7861_firmware0
ciscoip_phone_8851_firmware0
ciscowireless_ip_phone_8821_firmware0
ciscoip_phone_8841_firmware0
ciscoip_phone_8821-ex_firmware0
ciscoip_phone_8861_firmware0
ciscoip_phone_7832_firmware0
ciscoip_phone_8832_firmware0
ciscoip_phone_8821_firmware0
ciscoip_phone_7821_firmware0
ciscoip_phone_7841_firmware0
CiscoCisco Session Initiation Protocol (SIP) Software11.0(3)SR5, *, *
ciscowireless_ip_phone_8821-ex_firmware0
ciscoip_phone_8811_firmware0
ciscoip_phones_8832_firmware0
ciscounified_ip_phone_8851nr_firmware0
ciscoip_phone_8831_firmware0
ciscoip_phone_8800_firmware0
ciscoip_phone_7811_firmware0
ciscoip_phone_7800_firmware0

…and 3 more

Exploit Intelligence

Timeline

  • Jan 19, 2023 CVE Published
  • Jan 20, 2023 EPSS Score
  • Mar 2, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 11, 2023 EPSS Score
  • May 22, 2023 EPSS Score
  • Jul 1, 2023 EPSS Score
  • Aug 11, 2023 EPSS Score
  • Sep 20, 2023 EPSS Score
  • Oct 31, 2023 EPSS Score
  • Dec 10, 2023 EPSS Score
  • Jan 20, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›