CVE-2023-20018
First published: Thu Jan 19 2023(Updated: )
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Ip Phone 7800 Firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7800 | ||
| Cisco Ip Phone 7811 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 7811 | ||
| Cisco Ip Phone 7821 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 7821 | ||
| Cisco Ip Phone 7832 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 7832 | ||
| Cisco Ip Phone 7841 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 7841 | ||
| Cisco Ip Phone 7861 Firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7861 | ||
| Cisco Ip Phone 8800 Firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8800 | ||
| Cisco Ip Phone 8811 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8811 | ||
| Cisco Ip Phone 8821 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8821 | ||
| Cisco Ip Phone 8821-ex Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8821-ex | ||
| Cisco Ip Phone 8831 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8831 | ||
| Cisco Ip Phone 8832 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8832 | ||
| Cisco Ip Phone 8841 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8841 | ||
| Cisco Ip Phone 8845 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8845 | ||
| Cisco Ip Phone 8851 Firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8851 | ||
| Cisco Ip Phone 8861 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8861 | ||
| Cisco Ip Phone 8865 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8865 | ||
| Cisco Ip Phones 8832 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phones 8832 | ||
| Cisco Unified Ip Phone 8851nr Firmware | <14.1\(1\)sr2 | |
| Cisco Unified Ip Phone 8851nr | ||
| Cisco Unified Ip Phone 8865nr Firmware | <14.1\(1\)sr2 | |
| Cisco Unified Ip Phone 8865nr | ||
| Cisco Wireless Ip Phone 8821 Firmware | <11.0\(6\)sr4 | |
| Cisco Wireless Ip Phone 8821 | ||
| Cisco Wireless Ip Phone 8821-ex Firmware | <11.0\(6\)sr4 | |
| Cisco Wireless Ip Phone 8821-ex | ||
| All of | ||
| Cisco Ip Phone 7800 Firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7800 | ||
| All of | ||
| Cisco Ip Phone 7811 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 7811 | ||
| All of | ||
| Cisco Ip Phone 7821 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 7821 | ||
| All of | ||
| Cisco Ip Phone 7832 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 7832 | ||
| All of | ||
| Cisco Ip Phone 7841 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 7841 | ||
| All of | ||
| Cisco Ip Phone 7861 Firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7861 | ||
| All of | ||
| Cisco Ip Phone 8800 Firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8800 | ||
| All of | ||
| Cisco Ip Phone 8811 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8811 | ||
| All of | ||
| Cisco Ip Phone 8821 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8821 | ||
| All of | ||
| Cisco Ip Phone 8821-ex Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8821-ex | ||
| All of | ||
| Cisco Ip Phone 8831 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8831 | ||
| All of | ||
| Cisco Ip Phone 8832 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8832 | ||
| All of | ||
| Cisco Ip Phone 8841 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8841 | ||
| All of | ||
| Cisco Ip Phone 8845 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8845 | ||
| All of | ||
| Cisco Ip Phone 8851 Firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8851 | ||
| All of | ||
| Cisco Ip Phone 8861 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8861 | ||
| All of | ||
| Cisco Ip Phone 8865 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phone 8865 | ||
| All of | ||
| Cisco Ip Phones 8832 Firmware | <14.1\(1\)sr2 | |
| Cisco Ip Phones 8832 | ||
| All of | ||
| Cisco Unified Ip Phone 8851nr Firmware | <14.1\(1\)sr2 | |
| Cisco Unified Ip Phone 8851nr | ||
| All of | ||
| Cisco Unified Ip Phone 8865nr Firmware | <14.1\(1\)sr2 | |
| Cisco Unified Ip Phone 8865nr | ||
| All of | ||
| Cisco Wireless Ip Phone 8821 Firmware | <11.0\(6\)sr4 | |
| Cisco Wireless Ip Phone 8821 | ||
| All of | ||
| Cisco Wireless Ip Phone 8821-ex Firmware | <11.0\(6\)sr4 | |
| Cisco Wireless Ip Phone 8821-ex |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-20018.
What is the severity level of CVE-2023-20018?
The severity level of CVE-2023-20018 is high, with a CVSS score of 6.5.
Which Cisco IP Phone series are affected by CVE-2023-20018?
CVE-2023-20018 affects the Cisco IP Phone 7800 and 8800 Series Phones.
How can an attacker exploit CVE-2023-20018?
An attacker can exploit CVE-2023-20018 by bypassing authentication on the affected device through the web-based management interface.
Where can I find more information about CVE-2023-20018?
You can find more information about CVE-2023-20018 in the Cisco Security Advisory at this link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/cisco
- canonical/cisco ip phone 7800 firmware
- canonical/cisco ip phone 7800
- canonical/cisco ip phone 7811 firmware
- canonical/cisco ip phone 7811
- canonical/cisco ip phone 7821 firmware
- canonical/cisco ip phone 7821
- canonical/cisco ip phone 7832 firmware
- canonical/cisco ip phone 7832
- canonical/cisco ip phone 7841 firmware
- canonical/cisco ip phone 7841
- canonical/cisco ip phone 7861 firmware
- canonical/cisco ip phone 7861
- canonical/cisco ip phone 8800 firmware
- canonical/cisco ip phone 8800
- canonical/cisco ip phone 8811 firmware
- canonical/cisco ip phone 8811
- canonical/cisco ip phone 8821 firmware
- canonical/cisco ip phone 8821
- canonical/cisco ip phone 8821-ex firmware
- canonical/cisco ip phone 8821-ex
- canonical/cisco ip phone 8831 firmware
- canonical/cisco ip phone 8831
- canonical/cisco ip phone 8832 firmware
- canonical/cisco ip phone 8832
- canonical/cisco ip phone 8841 firmware
- canonical/cisco ip phone 8841
- canonical/cisco ip phone 8845 firmware
- canonical/cisco ip phone 8845
- canonical/cisco ip phone 8851 firmware
- canonical/cisco ip phone 8851
- canonical/cisco ip phone 8861 firmware
- canonical/cisco ip phone 8861
- canonical/cisco ip phone 8865 firmware
- canonical/cisco ip phone 8865
- canonical/cisco ip phones 8832 firmware
- canonical/cisco ip phones 8832
- canonical/cisco unified ip phone 8851nr firmware
- canonical/cisco unified ip phone 8851nr
- canonical/cisco unified ip phone 8865nr firmware
- canonical/cisco unified ip phone 8865nr
- canonical/cisco wireless ip phone 8821 firmware
- canonical/cisco wireless ip phone 8821
- canonical/cisco wireless ip phone 8821-ex firmware
- canonical/cisco wireless ip phone 8821-ex