CVE-2020-3360
Description
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
Risk Information
Base Score: 5.3 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score (Exploitation Probability): 0.358
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Cisco IP Phones Call Log Information Disclosure Vulnerability For Cisco IP Phone 7800 Series | NCM |
| Cisco IP Phones Call Log Information Disclosure Vulnerability For Cisco IP Phone 8800 Series | NCM |
| Cisco IP Phones Call Log Information Disclosure Vulnerability For Cisco SIP IP Phone Software | NCM |
| Incorrect Authorization Vulnerability (CVE-2020-3360) | NCM |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-1705975 | Security Update for Cisco IP Phone 7800 Series 11.7(1) |
| PATCH-1705974 | Security Update for Cisco IP Phone 8800 Series 11.7(1)SC2 |
| PATCH-1705918 | Security Update for Cisco SIP IP Phone Software 11.7(1)MN19 |