mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-29 05:56:59 +00:00
101 lines
3.7 KiB
JSON
101 lines
3.7 KiB
JSON
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "psirt@cisco.com",
|
|
"DATE_PUBLIC": "2022-01-13T00:00:00",
|
|
"ID": "CVE-2022-20660",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Cisco IP Phones Information Disclosure Vulnerability"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Cisco Session Initiation Protocol (SIP) Software ",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Cisco"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks."
|
|
}
|
|
]
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": {
|
|
"baseScore": "4.6",
|
|
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N ",
|
|
"version": "3.0"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-312"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "20220113 Cisco IP Phones Information Disclosure Vulnerability",
|
|
"refsource": "CISCO",
|
|
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA"
|
|
},
|
|
{
|
|
"refsource": "FULLDISC",
|
|
"name": "20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones",
|
|
"url": "http://seclists.org/fulldisclosure/2022/Jan/34"
|
|
},
|
|
{
|
|
"refsource": "MISC",
|
|
"name": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html",
|
|
"url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"advisory": "cisco-sa-ip-phone-info-disc-fRdJfOxA",
|
|
"defect": [
|
|
[
|
|
"CSCvy39035",
|
|
"CSCvy39054",
|
|
"CSCvy39055",
|
|
"CSCvy39057",
|
|
"CSCvy39058",
|
|
"CSCvy39059"
|
|
]
|
|
],
|
|
"discovery": "INTERNAL"
|
|
}
|
|
} |