Web-based Management Interface Vulnerability in Cisco SPA500 Series Analog Telephone Adapters
CVE-2023-20218

5.8 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 3 August 2023

Badges

👾 Exploit Exists

Summary

A vulnerability exists in the web-based management interface of Cisco SPA500 Series Analog Telephone Adapters that allows an authenticated remote attacker to manipulate web pages viewed in users' browsers. This issue arises from the inadequate validation of user-supplied input, which can be exploited if the attacker tricks a user into clicking a specially crafted link. Successful exploitation can lead to redirection of users to harmful websites or pave the way for additional client-side attacks. Notably, Cisco will not provide software updates to remediate this vulnerability.

Affected Version(s)

Cisco Small Business IP Phones 7.6.0

Cisco Small Business IP Phones 7.6.2

Cisco Small Business IP Phones 7.6.2SR3

CVSS V3.1

Score: 5.8
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved
