cisco unified_ip_phone_6901_firmware 信息暴露

CVE编号

CVE-2020-3360

利用情况

暂无

补丁情况

N/A

披露时间

2020-06-18

漏洞描述

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-s...

受影响软件情况

#	类型	厂商	产品	版本	影响面
1
	运行在以下环境
	系统	cisco	unified_ip_phone_6901_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_6911_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_6921_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_6941_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_6945_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_6961_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7811_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7821_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7832_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7841_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7861_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7906g_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7911g_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7931g_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7937g_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7940g_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7941g_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7942g_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7945g_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7960g_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7961g_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7962g_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7965g_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_7975g_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_8811_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_8841_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_8845_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_8851nr_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_8851_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_8861_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
	系统	cisco	unified_ip_phone_8865nr_firmware	*		Up to (including) 12.8\(1\)
	运行在以下环境
系统	cisco	unified_ip_phone_8865_firmware	*		Up to (including) 12.8\(1\)
运行在以下环境
系统	cisco	unified_ip_phone_8941_firmware	*		Up to (including) 12.8\(1\)
运行在以下环境
系统	cisco	unified_ip_phone_8945_firmware	*		Up to (including) 12.8\(1\)
运行在以下环境
系统	cisco	unified_ip_phone_8961_firmware	*		Up to (including) 12.8\(1\)
运行在以下环境
系统	cisco	unified_ip_phone_9951_firmware	*		Up to (including) 12.8\(1\)
运行在以下环境
系统	cisco	unified_ip_phone_9971_firmware	*		Up to (including) 12.8\(1\)
运行在以下环境
硬件	cisco	unified_ip_phone_6901	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_6911	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_6921	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_6941	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_6945	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_6961	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7811	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7821	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7832	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7841	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7861	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7906g	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7911g	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7931g	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7937g	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7940g	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7941g	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7942g	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7945g	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7960g	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7961g	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7962g	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7965g	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_7975g	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_8811	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_8841	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_8845	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_8851	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_8851nr	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_8861	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_8865	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_8865nr	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_8941	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_8945	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_8961	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_9951	-	-
运行在以下环境
硬件	cisco	unified_ip_phone_9971	-	-

CVSS3评分 5.3

• 攻击路径 网络
• 攻击复杂度 低
• 权限要求 无
• 影响范围 未更改
• 用户交互 无
• 可用性 无
• 保密性 低
• 完整性 无

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-ID	漏洞类型
CWE-200	信息暴露
CWE-863	授权机制不正确

Exp相关链接

- avd.aliyun.com