Web-based Management Interface Vulnerability in Cisco SPA500 Series Analog Telephone Adapters
CVE-2023-20218
5.8 MEDIUM
What is CVE-2023-20218?
A vulnerability exists in the web-based management interface of Cisco SPA500 Series Analog Telephone Adapters that allows an authenticated remote attacker to manipulate web pages viewed in users' browsers. This issue arises from the inadequate validation of user-supplied input, which can be exploited if the attacker tricks a user into clicking a specially crafted link. Successful exploitation can lead to redirection of users to harmful websites or pave the way for additional client-side attacks. Notably, Cisco will not provide software updates to remediate this vulnerability.
Affected Version(s)
Cisco Small Business IP Phones 7.6.0
Cisco Small Business IP Phones 7.6.2
Cisco Small Business IP Phones 7.6.2SR3