CVE-2022-20660
Cisco IP Phones Information Disclosure Vulnerability
Severity Score
4.6
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.
Una vulnerabilidad en la arquitectura de almacenamiento de información de varios modelos de teléfonos IP de Cisco podría permitir a un atacante físico no autenticado obtener información confidencial de un dispositivo afectado. Esta vulnerabilidad es debido al almacenamiento no cifrado de información confidencial en un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad al extraer físicamente y acceder a uno de los chips de memoria flash. Una explotación con éxito podría permitir al atacante obtener información confidencial del dispositivo, que podría ser usada para ataques posteriores
Cisco IP Phone Series 78x1, 88x5, 88x1, 7832, 8832, 8821 and 3905 suffer from an insecure password storage vulnerability.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-11-02 CVE Reserved
- 2022-01-14 CVE Published
- 2024-08-19 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2022/Jan/34 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html | 2024-09-16 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ip Conference Phone 7832 Firmware Search vendor "Cisco" for product "Ip Conference Phone 7832 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Conference Phone 7832 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Conference Phone 7832 Search vendor "Cisco" for product "Ip Conference Phone 7832" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Conference Phone 8832 Firmware Search vendor "Cisco" for product "Ip Conference Phone 8832 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Conference Phone 8832 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Conference Phone 8832 Search vendor "Cisco" for product "Ip Conference Phone 8832" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7811 Firmware Search vendor "Cisco" for product "Ip Phone 7811 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 7811 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7811 Search vendor "Cisco" for product "Ip Phone 7811" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7821 Firmware Search vendor "Cisco" for product "Ip Phone 7821 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 7821 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7821 Search vendor "Cisco" for product "Ip Phone 7821" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7841 Firmware Search vendor "Cisco" for product "Ip Phone 7841 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 7841 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7841 Search vendor "Cisco" for product "Ip Phone 7841" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7861 Firmware Search vendor "Cisco" for product "Ip Phone 7861 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 7861 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7861 Search vendor "Cisco" for product "Ip Phone 7861" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8811 Firmware Search vendor "Cisco" for product "Ip Phone 8811 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 8811 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8811 Search vendor "Cisco" for product "Ip Phone 8811" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8841 Firmware Search vendor "Cisco" for product "Ip Phone 8841 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 8841 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8841 Search vendor "Cisco" for product "Ip Phone 8841" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8845 Firmware Search vendor "Cisco" for product "Ip Phone 8845 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 8845 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8845 Search vendor "Cisco" for product "Ip Phone 8845" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8851 Firmware Search vendor "Cisco" for product "Ip Phone 8851 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 8851 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8851 Search vendor "Cisco" for product "Ip Phone 8851" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8861 Firmware Search vendor "Cisco" for product "Ip Phone 8861 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 8861 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8861 Search vendor "Cisco" for product "Ip Phone 8861" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8865 Firmware Search vendor "Cisco" for product "Ip Phone 8865 Firmware" | < 14.1\(1\) Search vendor "Cisco" for product "Ip Phone 8865 Firmware" and version " < 14.1\(1\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8865 Search vendor "Cisco" for product "Ip Phone 8865" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Unified Ip Conference Phone 8831 Firmware Search vendor "Cisco" for product "Unified Ip Conference Phone 8831 Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Unified Ip Conference Phone 8831 Search vendor "Cisco" for product "Unified Ip Conference Phone 8831" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Unified Ip Conference Phone 8831 For Third-party Call Control Firmware Search vendor "Cisco" for product "Unified Ip Conference Phone 8831 For Third-party Call Control Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Unified Ip Conference Phone 8831 For Third-party Call Control Search vendor "Cisco" for product "Unified Ip Conference Phone 8831 For Third-party Call Control" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Unified Ip Phone 7945g Firmware Search vendor "Cisco" for product "Unified Ip Phone 7945g Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Unified Ip Phone 7945g Search vendor "Cisco" for product "Unified Ip Phone 7945g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Unified Ip Phone 7965g Firmware Search vendor "Cisco" for product "Unified Ip Phone 7965g Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Unified Ip Phone 7965g Search vendor "Cisco" for product "Unified Ip Phone 7965g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Unified Ip Phone 7975g Firmware Search vendor "Cisco" for product "Unified Ip Phone 7975g Firmware" | - | - |
Affected
| in | Cisco Search vendor "Cisco" | Unified Ip Phone 7975g Search vendor "Cisco" for product "Unified Ip Phone 7975g" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Unified Sip Phone 3905 Firmware Search vendor "Cisco" for product "Unified Sip Phone 3905 Firmware" | < 9.4\(1\)sr5 Search vendor "Cisco" for product "Unified Sip Phone 3905 Firmware" and version " < 9.4\(1\)sr5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Unified Sip Phone 3905 Search vendor "Cisco" for product "Unified Sip Phone 3905" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Wireless Ip Phone 8821 Firmware Search vendor "Cisco" for product "Wireless Ip Phone 8821 Firmware" | < 11.0\(6\)sr2 Search vendor "Cisco" for product "Wireless Ip Phone 8821 Firmware" and version " < 11.0\(6\)sr2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Wireless Ip Phone 8821 Search vendor "Cisco" for product "Wireless Ip Phone 8821" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Wireless Ip Phone 8821-ex Firmware Search vendor "Cisco" for product "Wireless Ip Phone 8821-ex Firmware" | < 11.0\(6\)sr2 Search vendor "Cisco" for product "Wireless Ip Phone 8821-ex Firmware" and version " < 11.0\(6\)sr2" | - |
Affected
| in | Cisco Search vendor "Cisco" | Wireless Ip Phone 8821-ex Search vendor "Cisco" for product "Wireless Ip Phone 8821-ex" | - | - |
Safe
|