PT-2023-1105 · Cisco · Cisco Ip Phone 8800 Series+1
Published
2023-01-11
·
Updated
2024-01-25
·
CVE-2023-20018
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:N/C:C/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Cisco IP Phone 7800 and 8800 Series Phones (affected versions not specified)
Description
A vulnerability in the web-based management interface could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This issue is due to insufficient validation of user-supplied input. An attacker could exploit this by sending a crafted request to the web-based management interface, potentially accessing certain parts of the web interface that would normally require authentication.
Recommendations
For Cisco IP Phone 7800 and 8800 Series Phones, consider restricting access to the web-based management interface until a fix is available.
As a temporary workaround, consider implementing additional authentication measures or access controls to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Authorization
Improper Authentication
Authentication Bypass Using an Alternate Path or Channel
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Ip Phone 7800 Series
Cisco Ip Phone 8800 Series