CVSS: 7.4EPSS: 0%CPEs: 22EXPL: 0CVE-2022-20817 – Cisco IP Phone Duplicate Key Vulnerability
https://notcve.org/view.php?id=CVE-2022-20817
A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 5.3EPSS: 0%CPEs: 74EXPL: 0CVE-2020-3360 – Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3360
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device. Una vulnerabilidad en la funcionalidad Web Access de Cisco IP Phones Series 7800 y Series 8800, podría permitir a un atacante remoto no autenticado visualizar información confidencial sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2013-6685
https://notcve.org/view.php?id=CVE-2013-6685
The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak permissions for memory block devices, which allows local users to gain privileges by mounting a device with a setuid file in its filesystem, aka Bug ID CSCui04382. El firmware de teléfonos Cisco Unified IP 8961, 9951, y 9971 usa permisos débiles para dispositivos de bloque de memoria, lo que permite a usuarios locales obtener privilegios mediante el montaje de un dispositivo con un archivo setuid en su sistema de archivos, también conocido como Bug ID CSCui04382. • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6685 • CWE-264: Permissions, Privileges, and Access Controls •