Vulnslist

find the latest Cisco vulnerabilities

Cisco IP Phone 7800 and 8800 Series Web Management Interface Authentication Bypass Vulnerability

cisco-sa-ip-phone-auth-bypass-pSqxZRPR · High · Published · Updated

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2023-20018
Cisco Bug IDsCSCwc37223, CSCwc37234
CVSS ScoreBase 8.6
Base 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Session Initiation Protocol (SIP) Software

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Session Initiation Protocol (SIP) Software known_affected cisco_csaf CVE-2023-20018 1

Related Products

Product CVE Evidence
Cisco IP phone CVE-2023-20018 Cisco OpenVuln
Cisco Session Initiation Protocol (SIP) Software CVE-2023-20018 Cisco CSAF
Cisco 8000 Series Routers CVE-2023-20018 Cisco OpenVuln