{ "id": "CVE-2022-20660", "sourceIdentifier": "ykramarz@cisco.com", "published": "2022-01-14T05:15:11.083", "lastModified": "2023-11-07T03:42:33.000", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks." }, { "lang": "es", "value": "Una vulnerabilidad en la arquitectura de almacenamiento de informaci\u00f3n de varios modelos de tel\u00e9fonos IP de Cisco podr\u00eda permitir a un atacante f\u00edsico no autenticado obtener informaci\u00f3n confidencial de un dispositivo afectado. Esta vulnerabilidad es debido al almacenamiento no cifrado de informaci\u00f3n confidencial en un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad al extraer f\u00edsicamente y acceder a uno de los chips de memoria flash. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante obtener informaci\u00f3n confidencial del dispositivo, que podr\u00eda ser usada para ataques posteriores" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 0.9, "impactScore": 3.6 }, { "source": "d1c1063e-7a18-46af-9102-31f8928bc633", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 0.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1 }, "baseSeverity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-312" } ] }, { "source": "d1c1063e-7a18-46af-9102-31f8928bc633", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-312" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*", "matchCriteriaId": "6592E7FE-346E-4923-97C2-F5298DC802A3" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.1\\(1\\)", "matchCriteriaId": "E42261E2-07EC-416E-A65C-7D85584DED32" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1010D16-DC6E-47A6-8BF9-C1026D975E3D" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.1\\(1\\)", "matchCriteriaId": "3B9BC28D-0BC0-45CB-A87B-59F407F3A210" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.1\\(1\\)", "matchCriteriaId": "38F67250-E4D0-48BE-928E-EF1BB4005940" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.1\\(1\\)", "matchCriteriaId": "FD40B5EB-D356-42D4-9464-67D0481460A9" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*", "matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.1\\(1\\)", "matchCriteriaId": "67895EA8-C707-4228-A8A2-4654E2B912CA" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*", "matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.1\\(1\\)", "matchCriteriaId": "F83ED1C8-1655-46EC-B1F5-4BD1D519057D" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.1\\(1\\)", "matchCriteriaId": "41F875DA-AF0C-49CE-8BC5-DD1E0702FACF" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*", "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.1\\(1\\)", "matchCriteriaId": "CFACDCE6-95B3-45A7-86D3-18F3A78D5AF7" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.1\\(1\\)", "matchCriteriaId": "280BC438-AF6B-464B-A283-CE183C06E13B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*", "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.1\\(1\\)", "matchCriteriaId": "64E92C6B-5BA7-4C5F-B262-AE20F3951923" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.1\\(1\\)", "matchCriteriaId": "F1E3B94C-BA7B-481A-AF4D-2FCF5E81D7B6" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*", "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "14.1\\(1\\)", "matchCriteriaId": "E9A7F857-A3D7-43DA-8E94-FDA0EE542C39" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "22846195-008E-4D1B-A0C3-3364B141EC5F" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_conference_phone_8831:-:*:*:*:*:*:*:*", "matchCriteriaId": "660475FD-8475-4968-9ED2-D83461B9A5D4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:unified_ip_conference_phone_8831_for_third-party_call_control_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5699693-DBEC-429F-B67E-0B1625818FAB" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_conference_phone_8831_for_third-party_call_control:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA7AA843-E37E-42A0-BD4C-9710BDD50D9B" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7945g_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "361613B3-A977-4E2A-8D41-EDE85F1D9623" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*", "matchCriteriaId": "5980E646-CA07-4222-A9DD-A71306A4A678" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7965g_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F52E0123-63EF-40FB-85B7-2C2838CBF3BF" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF30D1CC-D27F-49FF-9C63-BB890002D1C2" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:unified_ip_phone_7975g_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "415AE68B-E623-4B95-89CA-1F3C2C96A33C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*", "matchCriteriaId": "8BA879B6-04D6-402A-8F38-8A7CB34D76F4" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:unified_sip_phone_3905_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "9.4\\(1\\)sr5", "matchCriteriaId": "D1B36FBC-7879-4AE5-8D28-2A5BE8C88356" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:unified_sip_phone_3905:-:*:*:*:*:*:*:*", "matchCriteriaId": "14E1313A-F2D4-4F40-BC50-2D1BA2BBB4C7" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.0\\(6\\)sr2", "matchCriteriaId": "59A19DB2-1E3A-40AC-B265-878E9B568E8C" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*", "matchCriteriaId": "F97DF354-7690-417E-B223-72C8BDA36DA7" } ] } ] }, { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:cisco:wireless_ip_phone_8821-ex_firmware:*:*:*:*:*:*:*:*", "versionEndExcluding": "11.0\\(6\\)sr2", "matchCriteriaId": "039BF626-1168-44E3-90E4-0C2BE311FA3E" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:cisco:wireless_ip_phone_8821-ex:-:*:*:*:*:*:*:*", "matchCriteriaId": "26CAE4C7-EADB-41A9-BE48-1A4F3D8D3D7A" } ] } ] } ], "references": [ { "url": "http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html", "source": "ykramarz@cisco.com", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ] }, { "url": "http://seclists.org/fulldisclosure/2022/Jan/34", "source": "ykramarz@cisco.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA", "source": "ykramarz@cisco.com", "tags": [ "Vendor Advisory" ] } ] }