CVE-2022-20660: Cisco IP Phones Information Disclosure Vulnerability
First published: Fri Jan 14 2022(Updated: )
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Ip Conference Phone 7832 Firmware | <14.1\(1\) | |
| Cisco Ip Conference Phone 7832 | ||
| Cisco Ip Conference Phone 8832 Firmware | <14.1\(1\) | |
| Cisco Ip Conference Phone 8832 | ||
| Cisco Ip Phone 7811 Firmware | <14.1\(1\) | |
| Cisco Ip Phone 7811 | ||
| Cisco Ip Phone 7821 Firmware | <14.1\(1\) | |
| Cisco Ip Phone 7821 | ||
| Cisco Ip Phone 7841 Firmware | <14.1\(1\) | |
| Cisco Ip Phone 7841 | ||
| Cisco Ip Phone 7861 Firmware | <14.1\(1\) | |
| Cisco IP Phone 7861 | ||
| Cisco Ip Phone 8811 Firmware | <14.1\(1\) | |
| Cisco Ip Phone 8811 | ||
| Cisco Ip Phone 8841 Firmware | <14.1\(1\) | |
| Cisco Ip Phone 8841 | ||
| Cisco Ip Phone 8845 Firmware | <14.1\(1\) | |
| Cisco Ip Phone 8845 | ||
| Cisco Ip Phone 8851 Firmware | <14.1\(1\) | |
| Cisco IP Phone 8851 | ||
| Cisco Ip Phone 8861 Firmware | <14.1\(1\) | |
| Cisco Ip Phone 8861 | ||
| Cisco Ip Phone 8865 Firmware | <14.1\(1\) | |
| Cisco Ip Phone 8865 | ||
| Cisco Unified Ip Conference Phone 8831 Firmware | ||
| Cisco Unified Ip Conference Phone 8831 | ||
| Cisco Unified Ip Conference Phone 8831 For Third-party Call Control Firmware | ||
| Cisco Unified Ip Conference Phone 8831 For Third-party Call Control | ||
| Cisco Unified Ip Phone 7945g Firmware | ||
| Cisco Unified Ip Phone 7945g | ||
| Cisco Unified Ip Phone 7965g Firmware | ||
| Cisco Unified Ip Phone 7965g | ||
| Cisco Unified Ip Phone 7975g Firmware | ||
| Cisco Unified Ip Phone 7975g | ||
| Cisco Unified Sip Phone 3905 Firmware | <9.4\(1\)sr5 | |
| Cisco Unified SIP Phone 3905 | ||
| Cisco Wireless Ip Phone 8821 Firmware | <11.0\(6\)sr2 | |
| Cisco Wireless Ip Phone 8821 | ||
| Cisco Wireless Ip Phone 8821-ex Firmware | <11.0\(6\)sr2 | |
| Cisco Wireless Ip Phone 8821-ex |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco IP Phone vulnerability?
The vulnerability ID for this Cisco IP Phone vulnerability is CVE-2022-20660.
What is the severity rating of CVE-2022-20660?
The severity rating of CVE-2022-20660 is medium, with a CVSS score of 4.6.
Which Cisco IP Phone models are affected by CVE-2022-20660?
Several Cisco IP Phone models are affected by CVE-2022-20660, including Cisco Ip Conference Phone 7832, Cisco Ip Conference Phone 8832, Cisco Ip Phone 7811, Cisco Ip Phone 7821, Cisco Ip Phone 7841, Cisco Ip Phone 7861, Cisco Ip Phone 8811, Cisco Ip Phone 8841, Cisco Ip Phone 8845, Cisco Ip Phone 8851, Cisco Ip Phone 8861, and Cisco Ip Phone 8865.
What is the vulnerability in Cisco IP Phone models due to?
The vulnerability in Cisco IP Phone models is due to unencrypted storage of confidential information on the affected devices.
How can an attacker exploit CVE-2022-20660?
An unauthenticated, physical attacker can exploit CVE-2022-20660 by obtaining confidential information from an affected Cisco IP Phone.
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco ip conference phone 7832 firmware
- canonical/cisco ip conference phone 7832
- canonical/cisco ip conference phone 8832 firmware
- canonical/cisco ip conference phone 8832
- canonical/cisco ip phone 7811 firmware
- canonical/cisco ip phone 7811
- canonical/cisco ip phone 7821 firmware
- canonical/cisco ip phone 7821
- canonical/cisco ip phone 7841 firmware
- canonical/cisco ip phone 7841
- canonical/cisco ip phone 7861 firmware
- canonical/cisco ip phone 7861
- canonical/cisco ip phone 8811 firmware
- canonical/cisco ip phone 8811
- canonical/cisco ip phone 8841 firmware
- canonical/cisco ip phone 8841
- canonical/cisco ip phone 8845 firmware
- canonical/cisco ip phone 8845
- canonical/cisco ip phone 8851 firmware
- canonical/cisco ip phone 8851
- canonical/cisco ip phone 8861 firmware
- canonical/cisco ip phone 8861
- canonical/cisco ip phone 8865 firmware
- canonical/cisco ip phone 8865
- canonical/cisco unified ip conference phone 8831 firmware
- canonical/cisco unified ip conference phone 8831
- canonical/cisco unified ip conference phone 8831 for third-party call control firmware
- canonical/cisco unified ip conference phone 8831 for third-party call control
- canonical/cisco unified ip phone 7945g firmware
- canonical/cisco unified ip phone 7945g
- canonical/cisco unified ip phone 7965g firmware
- canonical/cisco unified ip phone 7965g
- canonical/cisco unified ip phone 7975g firmware
- canonical/cisco unified ip phone 7975g
- canonical/cisco unified sip phone 3905 firmware
- canonical/cisco unified sip phone 3905
- canonical/cisco wireless ip phone 8821 firmware
- canonical/cisco wireless ip phone 8821
- canonical/cisco wireless ip phone 8821-ex firmware
- canonical/cisco wireless ip phone 8821-ex