CVE-2022-20774
Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability
Severity Score
8.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.
Una vulnerabilidad en la interfaz de administración basada en web de los teléfonos IP de las series 6800, 7800 y 8800 de Cisco con firmware multiplataforma podría permitir a un atacante remoto no autenticado conducir un ataque de tipo cross-site request forgery (CSRF) contra un usuario de la interfaz basada en la web de un sistema afectado. Esta vulnerabilidad es debido a unas protecciones insuficientes de tipo CSRF para la interfaz de administración basada en web de un dispositivo afectado. Un atacante podría explotar esta vulnerabilidad al persuadir a un usuario autenticado de la interfaz para que siga un enlace diseñado. Una explotación con éxito podría permitir al atacante llevar a cabo cambios de configuración en el dispositivo afectado, resultando en una condición de denegación de servicio (DoS)
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-11-02 CVE Reserved
- 2022-04-06 CVE Published
- 2023-10-28 EPSS Updated
- 2024-11-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-345: Insufficient Verification of Data Authenticity
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Ip Phone 6871 Firmware Search vendor "Cisco" for product "Ip Phone 6871 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 6871 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 6871 Search vendor "Cisco" for product "Ip Phone 6871" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 6861 Firmware Search vendor "Cisco" for product "Ip Phone 6861 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 6861 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 6861 Search vendor "Cisco" for product "Ip Phone 6861" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 6851 Firmware Search vendor "Cisco" for product "Ip Phone 6851 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 6851 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 6851 Search vendor "Cisco" for product "Ip Phone 6851" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 6841 Firmware Search vendor "Cisco" for product "Ip Phone 6841 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 6841 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 6841 Search vendor "Cisco" for product "Ip Phone 6841" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 6825 Firmware Search vendor "Cisco" for product "Ip Phone 6825 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 6825 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 6825 Search vendor "Cisco" for product "Ip Phone 6825" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7861 Firmware Search vendor "Cisco" for product "Ip Phone 7861 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 7861 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7861 Search vendor "Cisco" for product "Ip Phone 7861" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7841 Firmware Search vendor "Cisco" for product "Ip Phone 7841 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 7841 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7841 Search vendor "Cisco" for product "Ip Phone 7841" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7832 Firmware Search vendor "Cisco" for product "Ip Phone 7832 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 7832 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7832 Search vendor "Cisco" for product "Ip Phone 7832" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7821 Firmware Search vendor "Cisco" for product "Ip Phone 7821 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 7821 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7821 Search vendor "Cisco" for product "Ip Phone 7821" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 7811 Firmware Search vendor "Cisco" for product "Ip Phone 7811 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 7811 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 7811 Search vendor "Cisco" for product "Ip Phone 7811" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8865 Firmware Search vendor "Cisco" for product "Ip Phone 8865 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 8865 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8865 Search vendor "Cisco" for product "Ip Phone 8865" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8861 Firmware Search vendor "Cisco" for product "Ip Phone 8861 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 8861 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8861 Search vendor "Cisco" for product "Ip Phone 8861" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8851 Firmware Search vendor "Cisco" for product "Ip Phone 8851 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 8851 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8851 Search vendor "Cisco" for product "Ip Phone 8851" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8845 Firmware Search vendor "Cisco" for product "Ip Phone 8845 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 8845 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8845 Search vendor "Cisco" for product "Ip Phone 8845" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8841 Firmware Search vendor "Cisco" for product "Ip Phone 8841 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 8841 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8841 Search vendor "Cisco" for product "Ip Phone 8841" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8832 Firmware Search vendor "Cisco" for product "Ip Phone 8832 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 8832 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8832 Search vendor "Cisco" for product "Ip Phone 8832" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Ip Phone 8811 Firmware Search vendor "Cisco" for product "Ip Phone 8811 Firmware" | < 11.3.5 Search vendor "Cisco" for product "Ip Phone 8811 Firmware" and version " < 11.3.5" | - |
Affected
| in | Cisco Search vendor "Cisco" | Ip Phone 8811 Search vendor "Cisco" for product "Ip Phone 8811" | - | - |
Safe
|