A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.

Metrics

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Cisco
  • Ip Conference Phone 7832
  • Ip Conference Phone 7832 Firmware
  • Ip Conference Phone 8832
  • Ip Conference Phone 8832 Firmware
  • Ip Phone 7811
  • Ip Phone 7811 Firmware
  • Ip Phone 7821
  • Ip Phone 7821 Firmware
  • Ip Phone 7841
  • Ip Phone 7841 Firmware
  • Ip Phone 7861
  • Ip Phone 7861 Firmware
  • Ip Phone 8811
  • Ip Phone 8811 Firmware
  • Ip Phone 8841
  • Ip Phone 8841 Firmware
  • Ip Phone 8845
  • Ip Phone 8845 Firmware
  • Ip Phone 8851
  • Ip Phone 8851 Firmware
  • Ip Phone 8861
  • Ip Phone 8861 Firmware
  • Ip Phone 8865
  • Ip Phone 8865 Firmware
  • Unified Ip Conference Phone 8831
  • Unified Ip Conference Phone 8831 Firmware
  • Unified Ip Conference Phone 8831 For Third-party Call Control
  • Unified Ip Conference Phone 8831 For Third-party Call Control Firmware
  • Unified Ip Phone 7945g
  • Unified Ip Phone 7945g Firmware
  • Unified Ip Phone 7965g
  • Unified Ip Phone 7965g Firmware
  • Unified Ip Phone 7975g
  • Unified Ip Phone 7975g Firmware
  • Unified Sip Phone 3905
  • Unified Sip Phone 3905 Firmware
  • Wireless Ip Phone 8821
  • Wireless Ip Phone 8821-ex
  • Wireless Ip Phone 8821-ex Firmware
  • Wireless Ip Phone 8821 Firmware

Configuration 1 [-]

AND
cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_conference_phone_8831:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:cisco:unified_ip_conference_phone_8831_for_third-party_call_control_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_conference_phone_8831_for_third-party_call_control:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:cisco:unified_ip_phone_7945g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:cisco:unified_ip_phone_7965g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:cisco:unified_ip_phone_7975g_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:cisco:unified_sip_phone_3905_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_sip_phone_3905:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:cisco:wireless_ip_phone_8821-ex_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_ip_phone_8821-ex:-:*:*:*:*:*:*:*

No data.

References
Link Providers
http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html cve-icon cve-icon
http://seclists.org/fulldisclosure/2022/Jan/34 cve-icon cve-icon
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2022-01-14T05:01:29.253864Z

Updated: 2024-09-16T20:01:27.050Z

Reserved: 2021-11-02T00:00:00

Link: CVE-2022-20660

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-01-14T05:15:11.083

Modified: 2023-11-07T03:42:33.000

Link: CVE-2022-20660

cve-icon Redhat

No data.