Authentication Bypass in Cisco IP Phone 7800 and 8800 Series
CVE-2023-20018

6.5 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 20 January 2023

Summary

A vulnerability exists in the web-based management interface of the Cisco IP Phone 7800 and 8800 Series. It is caused by inadequate validation of user-supplied input and allows an unauthenticated remote attacker to bypass authentication on affected devices. By sending a crafted request to the web management interface, the attacker could gain access to sections that are normally protected by authentication. This poses a significant risk, and users of affected devices should apply updates and appropriate security measures.

Affected Version(s)

Cisco Session Initiation Protocol (SIP) Software 9.3(4) 3rd Party

Cisco Session Initiation Protocol (SIP) Software 9.3(4)SR3 3rd Party

Cisco Session Initiation Protocol (SIP) Software 9.3(4)SR1 3rd Party

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
