{"containers": {"cna": {"affected": [{"product": "Cisco IP Phone 8800 Series Software", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-06-17T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-18T02:17:03.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"}], "source": {"advisory": "cisco-sa-phone-logs-2O7f7ExM", "defect": [["CSCvt23310", "CSCvt27636", "CSCvt27637", "CSCvt27645"]], "discovery": "INTERNAL"}, "title": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-06-17T16:00:00", "ID": "CVE-2020-3360", "STATE": "PUBLIC", "TITLE": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IP Phone 8800 Series Software", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "5.3", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "references": {"reference_data": [{"name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"}]}, "source": {"advisory": "cisco-sa-phone-logs-2O7f7ExM", "defect": [["CSCvt23310", "CSCvt27636", "CSCvt27637", "CSCvt27645"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:30:58.207Z"}, "title": "CVE Program Container", "references": [{"name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-15T16:21:10.982053Z", "id": "CVE-2020-3360", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T17:05:37.576Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3360", "datePublished": "2020-06-18T02:17:03.642Z", "dateReserved": "2019-12-12T00:00:00.000Z", "dateUpdated": "2024-11-15T17:05:37.576Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM", "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:30:58.207Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-3360", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-15T16:21:10.982053Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T16:21:44.567Z"}}], "cna": {"title": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", "source": {"defect": [["CSCvt23310", "CSCvt27636", "CSCvt27637", "CSCvt27645"]], "advisory": "cisco-sa-phone-logs-2O7f7ExM", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Cisco", "product": "Cisco IP Phone 8800 Series Software", "versions": [{"status": "affected", "version": "n/a"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2020-06-17T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM", "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2020-06-18T02:17:03"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "5.3", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}, "source": {"defect": [["CSCvt23310", "CSCvt27636", "CSCvt27637", "CSCvt27645"]], "advisory": "cisco-sa-phone-logs-2O7f7ExM", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "Cisco IP Phone 8800 Series Software"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM", "name": "20200617 Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", "refsource": "CISCO"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-3360", "STATE": "PUBLIC", "TITLE": "Cisco IP Phones Series 7800 and Series 8800 Call Log Information Disclosure Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-06-17T16:00:00"}}}}, "cveMetadata": {"cveId": "CVE-2020-3360", "state": "PUBLISHED", "dateUpdated": "2024-11-15T17:05:37.576Z", "dateReserved": "2019-12-12T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2020-06-18T02:17:03.642062Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_6901_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9B5E567-41A0-4C9A-91A3-63EB5543F73F", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_6901:-:*:*:*:*:*:*:*", "matchCriteriaId": "12C78A9E-35FA-4CC7-B51F-25133B3D6DA9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8B0A706C-5D52-4FF9-A7D0-D81B8D44A7A0", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_6961:-:*:*:*:*:*:*:*", "matchCriteriaId": "BEDF755A-DFA2-4BCB-9A06-0A225B8F05B7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9303F605-1F5D-4740-BE11-0A1176A68E80", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_6945:-:*:*:*:*:*:*:*", "matchCriteriaId": "4B3B667E-9019-4A33-9BB0-D15560EC4145", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "455F7CDE-B0C9-44B7-AD55-EA03B287A9DF", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_6941:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAD4832E-16D3-4E26-B8ED-D32F5CB83180", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB7A8AC1-6EF0-4FDC-8C18-3118F3F53C8B", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_6921:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B807519-7A91-4137-8B0D-0820C6299C13", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CEC48E7-E9D8-406D-963C-06F5F2209423", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_6911:-:*:*:*:*:*:*:*", "matchCriteriaId": "F32CF4BC-40AD-4C9C-8787-2B7EAE2B3B5F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7832_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "552DA0C7-01D3-46E1-AC87-2CF41408EF0D", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7832:-:*:*:*:*:*:*:*", "matchCriteriaId": "2C42D5D4-E5BF-4668-81F0-9D76552E0DCE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7861_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CAED4E4-23FA-4B15-8138-8B79392FC666", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7861:-:*:*:*:*:*:*:*", "matchCriteriaId": "045E3CD2-AC00-4BA7-A0B0-94D9ACF1F6CF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7841_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0C60EC68-7A31-4CBB-BCC4-DD56299C6EEA", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7841:-:*:*:*:*:*:*:*", "matchCriteriaId": "2CAEF25F-B028-487D-B396-C33D5246D188", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7821_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0921726-02A0-47D0-9E40-E1E3DD6D5A22", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7821:-:*:*:*:*:*:*:*", "matchCriteriaId": "182E3741-46FC-47D3-B075-772E87C8F80C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7811_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C1EFB1A0-ED54-4586-9A10-E27A936AE6B6", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7811:-:*:*:*:*:*:*:*", "matchCriteriaId": "6551539F-39C1-4CD6-92F3-FE330E92CC06", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7937g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE7BECC3-B86D-4669-8463-DAE35D406B1B", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7937g:-:*:*:*:*:*:*:*", "matchCriteriaId": "F69722C8-73F9-4989-817B-DF8F882676AD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7975g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6D10125-025C-42B5-93D9-5A4FA79290C3", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA879B6-04D6-402A-8F38-8A7CB34D76F4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7965g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "82C369BE-4A67-489B-9A26-AB00D4C4E409", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF30D1CC-D27F-49FF-9C63-BB890002D1C2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7962g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA428649-4098-4166-8ED3-4A1C707F00FB", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7962g:-:*:*:*:*:*:*:*", "matchCriteriaId": "8424EA40-BAEE-4503-A826-003C478D07F0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7961g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "57152C53-3445-4CDD-9C3F-DB0067611DAB", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7961g:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1B979DC-52B4-497E-9D7C-3D8F861E6E26", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7960g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B10AA232-FF33-4062-977C-984D2E2CBF70", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7960g:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DFA9051-62CB-4C7B-9C97-CD901DC778F0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7945g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D8A52F3-1D02-4D2F-A68D-276D065BD00B", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*", "matchCriteriaId": "5980E646-CA07-4222-A9DD-A71306A4A678", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7942g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E24932D-8F8E-4991-858D-246D5CD594B7", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7942g:-:*:*:*:*:*:*:*", "matchCriteriaId": "37232BAF-C3BD-45A3-B54F-3DA2E15F2FBD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7941g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79A195E8-4210-4F4A-B742-1C943DF5D2AF", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7941g:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7519FF0-672E-430F-980D-53D2A851C78C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7940g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "34AC4FC0-1504-449C-86CC-1033D0BBD994", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7940g:-:*:*:*:*:*:*:*", "matchCriteriaId": "84AEFB6F-3534-478A-97FF-C100A86A269E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7931g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C2B814BA-710F-4E42-8EA0-F9B59B5E2A39", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7931g:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0D51724-CA7C-4F8E-9C02-408A96E32860", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7911g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB2313E3-D3C9-4990-8657-05345C386759", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7911g:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BF164BA-91F9-434B-9837-1B6E600A91AF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_7906g_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7EA3D2C-8327-4D0F-9AD8-3373AB3CCC53", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_7906g:-:*:*:*:*:*:*:*", "matchCriteriaId": "94B18568-30F5-40BF-96DB-589ED8D960F5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8811_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D8DA83E-9548-455E-BCFF-5238FB56BF48", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_8811:-:*:*:*:*:*:*:*", "matchCriteriaId": "D96E5B04-7CFF-4DF9-A356-C015AD8F5536", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8841_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "15426BD5-25E2-43B6-9E6E-346F26E2AC1A", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_8841:-:*:*:*:*:*:*:*", "matchCriteriaId": "80B68502-F042-4094-BECB-0C59C3C6D07F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8845_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "33CD3FFF-1517-4EF7-AE38-F6DA836100AE", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_8845:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF629B3C-0874-4BC9-97F3-28A5A7AC8917", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8851_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CD08767-7F00-48E6-87A9-99FE9E2D96B9", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_8851:-:*:*:*:*:*:*:*", "matchCriteriaId": "37B37ABB-C273-47B1-B7B0-692280CC957B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8851nr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "79C63F44-F1B6-47A3-900E-BA9B7A2EDAE3", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_8851nr:-:*:*:*:*:*:*:*", "matchCriteriaId": "B021B260-CD3C-4EA5-9A2C-FE80B4ACA787", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8861_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "118AE4A2-F0DB-4E0B-9998-A56711723D34", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_8861:-:*:*:*:*:*:*:*", "matchCriteriaId": "3BB9129D-607E-4227-984E-F0FC2F9047ED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8865_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "27AFD285-F65F-4B09-97C1-082C953EFCB9", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_8865:-:*:*:*:*:*:*:*", "matchCriteriaId": "B01FB146-FB66-4251-8025-F38C49FE9CAC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8865nr_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8399BC8F-6DCD-4A61-9E1B-FFA636BAD4C2", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_8865nr:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EB7D543-296F-44AE-9335-BF3244F21E55", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8961_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "25923E46-A572-4731-9EAA-3A3B52D83FD3", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_8961:-:*:*:*:*:*:*:*", "matchCriteriaId": "73338C3B-3AFA-4F64-B8C6-FDEBBBDCFD31", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8945_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "02037FE7-B885-4C3D-9516-8C8D32D168B9", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_8945:-:*:*:*:*:*:*:*", "matchCriteriaId": "645668C0-1702-4EBE-AF4D-F73824AF4C41", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_8941_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "89E58087-9ABF-4BF6-BCC9-F7904593A5D6", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_8941:-:*:*:*:*:*:*:*", "matchCriteriaId": "FE80CCF2-84B6-409D-BED3-D1C3D8807D5F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_9971_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "486E6F8D-3563-42DF-86FA-34200B14FB2F", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7ABE8-03D3-4ACA-834A-89D37D5EBFB2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_9951_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C416A15-52CB-4850-8C5B-E3E9C9087FB3", "versionEndIncluding": "12.8\\(1\\)", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:*", "matchCriteriaId": "C0B483E7-0B8D-480B-94B9-93F00AE91B4B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad Web Access de Cisco IP Phones Series 7800 y Series 8800, podr\u00eda permitir a un atacante remoto no autenticado visualizar informaci\u00f3n confidencial sobre un dispositivo afectado. La vulnerabilidad es debido a controles de acceso inapropiados en la interfaz de administraci\u00f3n basada en web de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de solicitudes maliciosas al dispositivo, lo que podr\u00eda permitirle omitir las restricciones de acceso. Un ataque con \u00e9xito podr\u00eda permitir al atacante visualizar informaci\u00f3n confidencial, incluyendo los registros de llamadas del dispositivo que contienen nombres, nombres de usuario y n\u00fameros de tel\u00e9fono de los usuarios del dispositivo"}], "id": "CVE-2020-3360", "lastModified": "2024-11-21T05:30:52.567", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-18T03:15:14.403", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-logs-2O7f7ExM"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}