CVE-2023-20265 - OpenCVE

A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Unified Sip Phone 3905 Firmware Ip Dect 110 Unified Ip Phone 6901 Firmware Unified Sip Phone 3905 Unified Ip Phone 6901 Ip Dect 210 Firmware Ip Dect 210 Ip Dect 110 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cisco:ip_dect_110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_dect_110:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:ip_dect_210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_dect_210:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:cisco:unified_ip_phone_6901_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_ip_phone_6901:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:cisco:unified_sip_phone_3905_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_sip_phone_3905:-:*:*:*:*:*:*:*

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2023-11-21T18:45:33.998Z

Updated: 2024-01-25T16:58:35.584Z

Reserved: 2022-10-27T18:47:50.373Z

Link: CVE-2023-20265

JSON object: View

NVD Information

Status : Modified

Published: 2023-11-21T19:15:08.747

Modified: 2024-01-25T17:15:42.363

Link: CVE-2023-20265

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-20265", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2022-10-27T18:47:50.373Z", "datePublished": "2023-11-21T18:45:33.998Z", "dateUpdated": "2024-01-25T16:58:35.584Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-01-25T16:58:35.584Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device."}], "affected": [{"vendor": "Cisco", "product": "Cisco IP Phones with Multiplatform Firmware", "versions": [{"version": "4.5", "status": "affected"}, {"version": "4.6 MSR1", "status": "affected"}, {"version": "4.7.1", "status": "affected"}, {"version": "4.8.1", "status": "affected"}, {"version": "4.8.1 SR1", "status": "affected"}, {"version": "5.0.1", "status": "affected"}, {"version": "5.1.1", "status": "affected"}, {"version": "5.1.2", "status": "affected"}]}, {"vendor": "Cisco", "product": "Cisco Session Initiation Protocol (SIP) Software", "versions": [{"version": "9.3(1)", "status": "affected"}, {"version": "9.1(1)", "status": "affected"}, {"version": "9.3(1)SR2", "status": "affected"}, {"version": "9.4(1)", "status": "affected"}, {"version": "9.2(2)", "status": "affected"}, {"version": "9.2(1)", "status": "affected"}, {"version": "9.3(1)SR1", "status": "affected"}, {"version": "9.4(1)SR2", "status": "affected"}, {"version": "9.4(1)SR1", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "type": "cwe", "cweId": "CWE-79"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA", "name": "cisco-sa-uipphone-xss-NcmUykqA"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-uipphone-xss-NcmUykqA", "discovery": "EXTERNAL", "defects": ["CSCwf58594", "CSCwf58592", "CSCwf58578"]}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_dect_110_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "17BA3030-4791-4937-911A-0FA625BE4CFF", "versionEndExcluding": "5.1.2sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_dect_110:-:*:*:*:*:*:*:*", "matchCriteriaId": "8E36E9DA-BF30-42FB-9B6C-40C39DDA9473", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_dect_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C7C4EDF-AAE1-424A-A64D-B794611E9571", "versionEndExcluding": "5.1.2sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_dect_210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B6E163D-94B8-453B-8189-804A7C1DE8DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_6901_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "489B785B-BCC7-4D75-9A04-081CDCC49603", "versionEndExcluding": "9.3\\(1\\)sr3", "versionStartIncluding": "9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_6901:-:*:*:*:*:*:*:*", "matchCriteriaId": "12C78A9E-35FA-4CC7-B51F-25133B3D6DA9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_sip_phone_3905_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A15605C-714B-4876-8C37-40A8C4A10ECA", "versionEndExcluding": "9.4\\(1\\)sr4", "versionStartIncluding": "9.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_sip_phone_3905:-:*:*:*:*:*:*:*", "matchCriteriaId": "14E1313A-F2D4-4F40-BC50-2D1BA2BBB4C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de un peque\u00f1o subconjunto de Cisco IP Phones podr\u00eda permitir que un atacante remoto autenticado lleve a cabo un ataque de cross-site scripting (XSS) almacenado contra un usuario de la interfaz en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario de una interfaz afectada para que vea una p\u00e1gina que contenga HTML o script maliciosos. Un exploit exitoso podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador. Para aprovechar esta vulnerabilidad, el atacante debe tener credenciales v\u00e1lidas para acceder a la interfaz de administraci\u00f3n basada en web del dispositivo afectado."}], "id": "CVE-2023-20265", "lastModified": "2024-01-25T17:15:42.363", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2023-11-21T19:15:08.747", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}