CVE-2020-3360
moderate-risk
Published 2020-06-18
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.
Do I need to act?
-
0.36% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
Unified Ip Phone 6901 Firmware
Unified Ip Phone 6961 Firmware
Unified Ip Phone 6945 Firmware
Unified Ip Phone 6941 Firmware
Unified Ip Phone 6921 Firmware
Unified Ip Phone 6911 Firmware
Unified Ip Phone 7832 Firmware
Unified Ip Phone 7861 Firmware
Unified Ip Phone 7841 Firmware
Unified Ip Phone 7821 Firmware
Unified Ip Phone 7811 Firmware
Unified Ip Phone 7937G Firmware
Unified Ip Phone 7975G Firmware
Unified Ip Phone 7965G Firmware
Unified Ip Phone 7962G Firmware
Unified Ip Phone 7961G Firmware
Unified Ip Phone 7960G Firmware
Unified Ip Phone 7945G Firmware
Unified Ip Phone 7942G Firmware
Unified Ip Phone 7941G Firmware
Affected Vendors
References (2)
46
/ 100
moderate-risk
Severity
21/34 · High
Exploitability
1/34 · Minimal
Exposure
24/34 · High