CVE-2023-20079
Published: 03 March 2023
Summary
CVE-2023-20079 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Cisco IP Phone 6871 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 11.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Multiple vulnerabilities affect the web-based management interface of certain Cisco IP Phones. These issues, tracked under CWE-121 and CWE-787, carry a CVSS score of 9.8 and can permit unauthenticated remote attackers to execute arbitrary code or trigger a denial-of-service condition.
An unauthenticated remote attacker can send specially crafted requests to the exposed management interface to exploit the flaws, achieving either full code execution with high impact on confidentiality, integrity, and availability or a DoS state without any user interaction or credentials.
The referenced Cisco Security Advisory at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP details the affected phone models and provides mitigation guidance, including software updates and configuration recommendations.
EPSS scores for this CVE reached a peak of 0.1357 after disclosure before receding to the current value of 0.0421.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-24258
Vulnerability details
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.