CVE-2023-20018

HIGH

Cisco IP Phone <7800-8800 - Auth Bypass

Title source: llm

Description

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to access certain parts of the web interface that would normally require authentication.

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR

Scores

CVSS v3 8.6

EPSS 0.0038

EPSS Percentile 59.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Details

CWE

CWE-288 CWE-863

Status published

Products (22)

cisco/ip_phone_7800_firmware < 14.1\(1\)sr2

cisco/ip_phone_7811_firmware < 14.1\(1\)sr2

cisco/ip_phone_7821_firmware < 14.1\(1\)sr2

cisco/ip_phone_7832_firmware < 14.1\(1\)sr2

cisco/ip_phone_7841_firmware < 14.1\(1\)sr2

cisco/ip_phone_7861_firmware < 14.1\(1\)sr2

cisco/ip_phone_8800_firmware < 14.1\(1\)sr2

cisco/ip_phone_8811_firmware < 14.1\(1\)sr2

cisco/ip_phone_8821-ex_firmware < 14.1\(1\)sr2

cisco/ip_phone_8821_firmware < 14.1\(1\)sr2

... and 12 more

Published Jan 20, 2023

Tracked Since Feb 18, 2026