Cyber Resilience

CVE-2023-20078

Critical

Published: 03 March 2023

Published
03 March 2023
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0583 90.7th percentile
Risk Priority 23 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-20078 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Cisco Ip Phone 6871 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 9.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

Multiple vulnerabilities affect the web-based management interface of certain Cisco IP Phones, with the issues rooted in stack-based buffer overflows and out-of-bounds writes as indicated by the associated CWEs. These flaws enable unauthenticated remote attackers to trigger arbitrary code execution or denial-of-service conditions on the affected devices, reflected in the critical CVSS 9.8 score with network attack vector and no required privileges or user interaction.

An unauthenticated remote attacker can send specially crafted requests to the exposed web interface to achieve full code execution or crash the phone, compromising both confidentiality and availability without any prior authentication.

The official Cisco Security Advisory at the referenced URL details the affected phone models and available software updates that address the command injection and memory safety issues. The EPSS score rose materially from low values after disclosure to a peak of 0.2010 on 2025-12-11 before receding, indicating that exploitation interest emerged well after the initial publication and warrants renewed attention.

EU & UK References

Vulnerability details

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section…

more

of this advisory.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

cisco
ip phone 6871 firmware
≤ 11.3.7sr1
cisco
ip phone 6861 firmware
≤ 11.3.7sr1
cisco
ip phone 6851 firmware
≤ 11.3.7sr1
cisco
ip phone 6841 firmware
≤ 11.3.7sr1
cisco
ip phone 6825 firmware
≤ 11.3.7sr1
cisco
ip phone 7861 firmware
≤ 11.3.7sr1
cisco
ip phone 7841 firmware
≤ 11.3.7sr1
cisco
ip phone 7832 firmware
≤ 11.3.7sr1
cisco
ip phone 7821 firmware
≤ 11.3.7sr1
cisco
ip phone 7811 firmware
≤ 11.3.7sr1
+7 more product configuration(s) — see NVD for full list

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References