CVE-2023-20018
First published: Thu Jan 19 2023(Updated: )
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.
Credit: ykramarz@cisco.com ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Cisco IP Conference Phone 7800 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7800 Series | ||
| All of | ||
| Cisco IP Phone 7811 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7811 firmware | ||
| All of | ||
| Cisco IP Phone 7821 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7821 firmware | ||
| All of | ||
| Cisco IP Conference Phone 7832 Firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7832 firmware | ||
| All of | ||
| Cisco IP Phone 7841 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7841 firmware | ||
| All of | ||
| Cisco IP Phone 7861 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7861 firmware | ||
| All of | ||
| Cisco IP Phone 8800 Series Firmware | <14.1\(1\)sr2 | |
| Cisco 8800 | ||
| All of | ||
| Cisco IP Phone 8811 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8811 firmware | ||
| All of | ||
| Cisco Wireless IP Phone 8821 Firmware | <14.1\(1\)sr2 | |
| Cisco Wireless IP Phone 8821-EX | ||
| All of | ||
| Cisco Wireless IP Phone 8821-EX firmware | <14.1\(1\)sr2 | |
| Cisco Wireless IP Phone 8821-EX | ||
| All of | ||
| Cisco 8831 Firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8831 firmware | ||
| All of | ||
| cisco ip phone 8832 firmware | <14.1\(1\)sr2 | |
| cisco ip phone 8832 | ||
| All of | ||
| Cisco IP Phone 8841 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8841 firmware | ||
| All of | ||
| Cisco IP Phone 8845 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8845 firmware | ||
| All of | ||
| Cisco IP Phone 8851 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8851 firmware | ||
| All of | ||
| cisco ip phone 8861 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8861 Firmware 3PCC | ||
| All of | ||
| cisco ip phone 8865 firmware | <14.1\(1\)sr2 | |
| cisco ip phone 8865 | ||
| All of | ||
| Cisco IP Phones 8832 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phones 8832 firmware | ||
| All of | ||
| Cisco Unified IP Phone 8851nr Firmware | <14.1\(1\)sr2 | |
| Cisco Unified IP Phone 8851nr Firmware | ||
| All of | ||
| Cisco Unified IP Phone 8865 | <14.1\(1\)sr2 | |
| Cisco Unified IP Phone 8865 | ||
| All of | ||
| Cisco Wireless IP Phone 8821-EX firmware | <11.0\(6\)sr4 | |
| Cisco Wireless IP Phone 8821-EX | ||
| All of | ||
| Cisco Wireless IP Phone 8821-EX firmware | <11.0\(6\)sr4 | |
| Cisco Wireless IP Phone 8821-EX firmware | ||
| Cisco IP Conference Phone 7800 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7800 Series | ||
| Cisco IP Phone 7811 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7811 firmware | ||
| Cisco IP Phone 7821 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7821 firmware | ||
| Cisco IP Conference Phone 7832 Firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7832 firmware | ||
| Cisco IP Phone 7841 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7841 firmware | ||
| Cisco IP Phone 7861 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 7861 firmware | ||
| Cisco IP Phone 8800 Series Firmware | <14.1\(1\)sr2 | |
| Cisco 8800 | ||
| Cisco IP Phone 8811 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8811 firmware | ||
| Cisco Wireless IP Phone 8821 Firmware | <14.1\(1\)sr2 | |
| Cisco Wireless IP Phone 8821-EX | ||
| Cisco Wireless IP Phone 8821-EX firmware | <14.1\(1\)sr2 | |
| Cisco Wireless IP Phone 8821-EX | ||
| Cisco 8831 Firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8831 firmware | ||
| cisco ip phone 8832 firmware | <14.1\(1\)sr2 | |
| cisco ip phone 8832 | ||
| Cisco IP Phone 8841 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8841 firmware | ||
| Cisco IP Phone 8845 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8845 firmware | ||
| Cisco IP Phone 8851 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8851 firmware | ||
| cisco ip phone 8861 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phone 8861 Firmware 3PCC | ||
| cisco ip phone 8865 firmware | <14.1\(1\)sr2 | |
| cisco ip phone 8865 | ||
| Cisco IP Phones 8832 firmware | <14.1\(1\)sr2 | |
| Cisco IP Phones 8832 firmware | ||
| Cisco Unified IP Phone 8851nr Firmware | <14.1\(1\)sr2 | |
| Cisco Unified IP Phone 8851nr Firmware | ||
| Cisco Unified IP Phone 8865 | <14.1\(1\)sr2 | |
| Cisco Unified IP Phone 8865 | ||
| Cisco Wireless IP Phone 8821-EX firmware | <11.0\(6\)sr4 | |
| Cisco Wireless IP Phone 8821-EX | ||
| Cisco Wireless IP Phone 8821-EX firmware | <11.0\(6\)sr4 | |
| Cisco Wireless IP Phone 8821-EX firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2023-20018.
What is the severity level of CVE-2023-20018?
The severity level of CVE-2023-20018 is high, with a CVSS score of 6.5.
Which Cisco IP Phone series are affected by CVE-2023-20018?
CVE-2023-20018 affects the Cisco IP Phone 7800 and 8800 Series Phones.
How can an attacker exploit CVE-2023-20018?
An attacker can exploit CVE-2023-20018 by bypassing authentication on the affected device through the web-based management interface.
Where can I find more information about CVE-2023-20018?
You can find more information about CVE-2023-20018 in the Cisco Security Advisory at this link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/cisco
- canonical/cisco ip conference phone 7800 firmware
- canonical/cisco ip phone 7800 series
- canonical/cisco ip phone 7811 firmware
- canonical/cisco ip phone 7821 firmware
- canonical/cisco ip conference phone 7832 firmware
- canonical/cisco ip phone 7832 firmware
- canonical/cisco ip phone 7841 firmware
- canonical/cisco ip phone 7861 firmware
- canonical/cisco ip phone 8800 series firmware
- canonical/cisco 8800
- canonical/cisco ip phone 8811 firmware
- canonical/cisco wireless ip phone 8821 firmware
- canonical/cisco wireless ip phone 8821-ex
- canonical/cisco wireless ip phone 8821-ex firmware
- canonical/cisco 8831 firmware
- canonical/cisco ip phone 8831 firmware
- canonical/cisco ip phone 8832 firmware
- canonical/cisco ip phone 8832
- canonical/cisco ip phone 8841 firmware
- canonical/cisco ip phone 8845 firmware
- canonical/cisco ip phone 8851 firmware
- canonical/cisco ip phone 8861 firmware
- canonical/cisco ip phone 8861 firmware 3pcc
- canonical/cisco ip phone 8865 firmware
- canonical/cisco ip phone 8865
- canonical/cisco ip phones 8832 firmware
- canonical/cisco unified ip phone 8851nr firmware
- canonical/cisco unified ip phone 8865