CVE-2020-3360

Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability

CVSS 5.3 MEDIUMEPSS 1.3%CWE-200

Vexday Risk Score

13Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 5.3EPSS 1.3%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

18 jun 2020Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Produtos afetados

Cisco · Cisco IP Phone 8800 Series Software

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM