CVE-2020-3360

CVE Database · CVE-2020-3360

CVE-2020-3360

· MEDIUMModified

CVSS v3.1

5.3

EPSS

1.26%

Published

Jun 18, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-200CWE-863

Affected Products (74)

cisco · unified_ip_phone_6901_firmwarevulnerable

cisco · unified_ip_phone_6901

cisco · unified_ip_phone_6961_firmwarevulnerable

cisco · unified_ip_phone_6961

cisco · unified_ip_phone_6945_firmwarevulnerable

cisco · unified_ip_phone_6945

cisco · unified_ip_phone_6941_firmwarevulnerable

cisco · unified_ip_phone_6941

cisco · unified_ip_phone_6921_firmwarevulnerable

cisco · unified_ip_phone_6921

cisco · unified_ip_phone_6911_firmwarevulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs