8.6
CWE
863 288
Advisory Published
Updated

CVE-2023-20018

First published: Thu Jan 19 2023(Updated: )

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected SoftwareAffected VersionHow to fix
Cisco Ip Phone 7800 Firmware<14.1\(1\)sr2
Cisco IP Phone 7800
Cisco Ip Phone 7811 Firmware<14.1\(1\)sr2
Cisco Ip Phone 7811
Cisco Ip Phone 7821 Firmware<14.1\(1\)sr2
Cisco Ip Phone 7821
Cisco Ip Phone 7832 Firmware<14.1\(1\)sr2
Cisco Ip Phone 7832
Cisco Ip Phone 7841 Firmware<14.1\(1\)sr2
Cisco Ip Phone 7841
Cisco Ip Phone 7861 Firmware<14.1\(1\)sr2
Cisco IP Phone 7861
Cisco Ip Phone 8800 Firmware<14.1\(1\)sr2
Cisco IP Phone 8800
Cisco Ip Phone 8811 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8811
Cisco Ip Phone 8821 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8821
Cisco Ip Phone 8821-ex Firmware<14.1\(1\)sr2
Cisco Ip Phone 8821-ex
Cisco Ip Phone 8831 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8831
Cisco Ip Phone 8832 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8832
Cisco Ip Phone 8841 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8841
Cisco Ip Phone 8845 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8845
Cisco Ip Phone 8851 Firmware<14.1\(1\)sr2
Cisco IP Phone 8851
Cisco Ip Phone 8861 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8861
Cisco Ip Phone 8865 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8865
Cisco Ip Phones 8832 Firmware<14.1\(1\)sr2
Cisco Ip Phones 8832
Cisco Unified Ip Phone 8851nr Firmware<14.1\(1\)sr2
Cisco Unified Ip Phone 8851nr
Cisco Unified Ip Phone 8865nr Firmware<14.1\(1\)sr2
Cisco Unified Ip Phone 8865nr
Cisco Wireless Ip Phone 8821 Firmware<11.0\(6\)sr4
Cisco Wireless Ip Phone 8821
Cisco Wireless Ip Phone 8821-ex Firmware<11.0\(6\)sr4
Cisco Wireless Ip Phone 8821-ex
All of
Cisco Ip Phone 7800 Firmware<14.1\(1\)sr2
Cisco IP Phone 7800
All of
Cisco Ip Phone 7811 Firmware<14.1\(1\)sr2
Cisco Ip Phone 7811
All of
Cisco Ip Phone 7821 Firmware<14.1\(1\)sr2
Cisco Ip Phone 7821
All of
Cisco Ip Phone 7832 Firmware<14.1\(1\)sr2
Cisco Ip Phone 7832
All of
Cisco Ip Phone 7841 Firmware<14.1\(1\)sr2
Cisco Ip Phone 7841
All of
Cisco Ip Phone 7861 Firmware<14.1\(1\)sr2
Cisco IP Phone 7861
All of
Cisco Ip Phone 8800 Firmware<14.1\(1\)sr2
Cisco IP Phone 8800
All of
Cisco Ip Phone 8811 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8811
All of
Cisco Ip Phone 8821 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8821
All of
Cisco Ip Phone 8821-ex Firmware<14.1\(1\)sr2
Cisco Ip Phone 8821-ex
All of
Cisco Ip Phone 8831 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8831
All of
Cisco Ip Phone 8832 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8832
All of
Cisco Ip Phone 8841 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8841
All of
Cisco Ip Phone 8845 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8845
All of
Cisco Ip Phone 8851 Firmware<14.1\(1\)sr2
Cisco IP Phone 8851
All of
Cisco Ip Phone 8861 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8861
All of
Cisco Ip Phone 8865 Firmware<14.1\(1\)sr2
Cisco Ip Phone 8865
All of
Cisco Ip Phones 8832 Firmware<14.1\(1\)sr2
Cisco Ip Phones 8832
All of
Cisco Unified Ip Phone 8851nr Firmware<14.1\(1\)sr2
Cisco Unified Ip Phone 8851nr
All of
Cisco Unified Ip Phone 8865nr Firmware<14.1\(1\)sr2
Cisco Unified Ip Phone 8865nr
All of
Cisco Wireless Ip Phone 8821 Firmware<11.0\(6\)sr4
Cisco Wireless Ip Phone 8821
All of
Cisco Wireless Ip Phone 8821-ex Firmware<11.0\(6\)sr4
Cisco Wireless Ip Phone 8821-ex

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is the vulnerability ID for this issue?

    The vulnerability ID for this issue is CVE-2023-20018.

  • What is the severity level of CVE-2023-20018?

    The severity level of CVE-2023-20018 is high, with a CVSS score of 6.5.

  • Which Cisco IP Phone series are affected by CVE-2023-20018?

    CVE-2023-20018 affects the Cisco IP Phone 7800 and 8800 Series Phones.

  • How can an attacker exploit CVE-2023-20018?

    An attacker can exploit CVE-2023-20018 by bypassing authentication on the affected device through the web-based management interface.

  • Where can I find more information about CVE-2023-20018?

    You can find more information about CVE-2023-20018 in the Cisco Security Advisory at this link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203