Cyber Resilience

CVE-2023-20018

High

Published: 20 January 2023

Published
20 January 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
EPSS Score 0.0038 59.9th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-20018 is a high-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Cisco Ip Phone 7800 Firmware. Its CVSS base score is 8.6 (High).

Operationally, ranked in the top 40.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An…

more

attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
ip phone 7800 firmware
≤ 14.1\(1\)sr2
cisco
ip phone 7811 firmware
≤ 14.1\(1\)sr2
cisco
ip phone 7821 firmware
≤ 14.1\(1\)sr2
cisco
ip phone 7832 firmware
≤ 14.1\(1\)sr2
cisco
ip phone 7841 firmware
≤ 14.1\(1\)sr2
cisco
ip phone 7861 firmware
≤ 14.1\(1\)sr2
cisco
ip phone 8800 firmware
≤ 14.1\(1\)sr2
cisco
ip phone 8811 firmware
≤ 14.1\(1\)sr2
cisco
ip phone 8821 firmware
≤ 14.1\(1\)sr2
cisco
ip phone 8821-ex firmware
≤ 14.1\(1\)sr2
+12 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-288 CWE-863

Authorizing remote access reduces the ability to bypass authentication via unauthorized alternate remote channels.

addresses: CWE-863 CWE-288

Centralized authorization servers reduce incorrect authorization by enforcing consistent policies.

addresses: CWE-863

Periodic review and update of procedures reduces incorrect authorization implementations over time.

addresses: CWE-863

Supervision identifies cases where authorization logic incorrectly permits unauthorized actions.

addresses: CWE-863

Defining permitted attribute values and auditing modifications reduces the chance of incorrect authorization outcomes due to tampered or missing labels.

addresses: CWE-863

Establishing configuration and connection requirements helps ensure correct rather than incorrect authorization for wireless access.

addresses: CWE-863

Establishing connection authorization processes for mobile devices helps ensure authorization decisions are correctly implemented rather than incorrect.

addresses: CWE-863

Monitoring account use, notifying on changes, and reviewing accounts for compliance corrects incorrect authorization assignments.

References