CVE-2022-20774

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 06-04-2022 09:15

Last modified: - 14-04-2022 11:11

Total changes: - 2

Description

A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform configuration changes on the affected device, resulting in a denial of service (DoS) condition.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

Required

User interaction

8.1

Base score

2.8

5.2

Exploitability score

Impact score

Verification logic

AND

vendor=cisco AND product=ip_phone_6871_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_6871 AND version=-

AND

vendor=cisco AND product=ip_phone_6861_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_6861 AND version=-

AND

vendor=cisco AND product=ip_phone_6851_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_6851 AND version=-

AND

vendor=cisco AND product=ip_phone_6841_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_6841 AND version=-

AND

vendor=cisco AND product=ip_phone_6825_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_6825 AND version=-

AND

vendor=cisco AND product=ip_phone_7861_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_7861 AND version=-

AND

vendor=cisco AND product=ip_phone_7841_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_7841 AND version=-

AND

vendor=cisco AND product=ip_phone_7832_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_7832 AND version=-

AND

vendor=cisco AND product=ip_phone_7821_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_7821 AND version=-

AND

vendor=cisco AND product=ip_phone_7811_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_7811 AND version=-

AND

vendor=cisco AND product=ip_phone_8865_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_8865 AND version=-

AND

vendor=cisco AND product=ip_phone_8861_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_8861 AND version=-

AND

vendor=cisco AND product=ip_phone_8851_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_8851 AND version=-

AND

vendor=cisco AND product=ip_phone_8845_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_8845 AND version=-

AND

vendor=cisco AND product=ip_phone_8841_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_8841 AND version=-

AND

vendor=cisco AND product=ip_phone_8832_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_8832 AND version=-

AND

vendor=cisco AND product=ip_phone_8811_firmware AND versionEndExcluding=11.3.5

vendor=cisco AND product=ip_phone_8811 AND version=-

Reference

20220406 Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Cross-Site Request Forgery Vulnerability-Vendor Advisory

Keywords

CVE-2022-20774

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-20774

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures