CVE-2022-20660 - OpenCVE

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted storage of confidential information on an affected device. An attacker could exploit this vulnerability by physically extracting and accessing one of the flash memory chips. A successful exploit could allow the attacker to obtain confidential information from the device, which could be used for subsequent attacks.

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Unified Ip Conference Phone 8831 For Third-party Call Control Ip Phone 8865 Wireless Ip Phone 8821 Firmware Ip Phone 8811 Firmware Wireless Ip Phone 8821-ex Firmware Unified Sip Phone 3905 Ip Phone 8845 Firmware Ip Phone 7821 Firmware Ip Phone 8851 Firmware Unified Ip Phone 7945g Ip Phone 8861 Firmware Ip Phone 7821 Unified Ip Phone 7965g Ip Phone 8841 Unified Sip Phone 3905 Firmware Ip Phone 7841 Wireless Ip Phone 8821-ex Ip Conference Phone 7832 Ip Conference Phone 8832 Ip Phone 8851 Ip Phone 7811 Ip Phone 7861 Ip Phone 7841 Firmware Ip Phone 8845 Ip Conference Phone 7832 Firmware Ip Phone 8861 Unified Ip Conference Phone 8831 Firmware Unified Ip Phone 7945g Firmware Ip Phone 8841 Firmware Ip Phone 7811 Firmware Unified Ip Phone 7975g Unified Ip Conference Phone 8831 Unified Ip Phone 7965g Firmware Unified Ip Phone 7975g Firmware Ip Phone 8865 Firmware Ip Phone 7861 Firmware Wireless Ip Phone 8821 Ip Conference Phone 8832 Firmware Ip Phone 8811 Unified Ip Conference Phone 8831 For Third-party Call Control Firmware

Configuration 1 [-]

AND

cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_ip_conference_phone_8831:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:cisco:unified_ip_conference_phone_8831_for_third-party_call_control_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_ip_conference_phone_8831_for_third-party_call_control:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:cisco:unified_ip_phone_7945g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_ip_phone_7945g:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:cisco:unified_ip_phone_7965g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_ip_phone_7965g:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:cisco:unified_ip_phone_7975g_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_ip_phone_7975g:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:cisco:unified_sip_phone_3905_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_sip_phone_3905:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:cisco:wireless_ip_phone_8821-ex_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:wireless_ip_phone_8821-ex:-:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage.html	Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2022/Jan/34	Mailing List Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA	Vendor Advisory