PT-2020-2964 · Cisco · Cisco IP Phones Series 7800 +1
Oguzhan Karaman · Published 2020-06-17 · Updated 2021-08-06 · CVE-2020-3360
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Cisco IP Phones Series 7800 and Series 8800 (affected versions not specified)
Description
A vulnerability in the Web Access feature could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This issue is due to improper access controls on the web-based management interface. An attacker could exploit this by sending malicious requests to bypass access restrictions, potentially allowing them to view sensitive information, including device call logs containing names, usernames, and phone numbers of users.
Recommendations
For Cisco IP Phones Series 7800 and Series 8800, consider restricting access to the web-based management interface until a fix is available.
As a temporary workaround, limit the exposure of the device to the internet and restrict access to the Web Access feature to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Information Disclosure
Related Identifiers
Affected Products
Cisco IP Phones Series 7800
Cisco IP Phones Series 8800