CVE-2022-20660

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.

Published: Jan 14, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-20660
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.6
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-312

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
cisco / ip_conference_phone_7832_firmware	-	14.1\(1\)
cisco / ip_conference_phone_8832_firmware	-	14.1\(1\)
cisco / ip_phone_7811_firmware	-	14.1\(1\)
cisco / ip_phone_7821_firmware	-	14.1\(1\)
cisco / ip_phone_7841_firmware	-	14.1\(1\)
cisco / ip_phone_7861_firmware	-	14.1\(1\)
cisco / ip_phone_8811_firmware	-	14.1\(1\)
cisco / ip_phone_8841_firmware	-	14.1\(1\)
cisco / ip_phone_8845_firmware	-	14.1\(1\)
cisco / ip_phone_8851_firmware	-	14.1\(1\)
cisco / ip_phone_8861_firmware	-	14.1\(1\)
cisco / ip_phone_8865_firmware	-	14.1\(1\)
cisco / unified_sip_phone_3905_firmware	-	9.4\(1\)sr5
cisco / wireless_ip_phone_8821_firmware	-	11.0\(6\)sr2
cisco / wireless_ip_phone_8821-ex_firmware	-	11.0\(6\)sr2

Vulnerability Database

289,784

CVE-2022-20660