fkie_cve-2023-20181
Vulnerability from fkie_nvd
Published
2023-08-03 22:15
Modified
2024-11-21 07:40
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | spa500ds_firmware | - | |
| cisco | spa500ds | - | |
| cisco | spa500s_firmware | - | |
| cisco | spa500s | - | |
| cisco | spa501g_firmware | - | |
| cisco | spa501g | - | |
| cisco | spa502g_firmware | - | |
| cisco | spa502g | - | |
| cisco | spa504g_firmware | - | |
| cisco | spa504g | - | |
| cisco | spa508g_firmware | - | |
| cisco | spa508g | - | |
| cisco | spa509g_firmware | - | |
| cisco | spa509g | - | |
| cisco | spa512g_firmware | - | |
| cisco | spa512g | - | |
| cisco | spa514g_firmware | - | |
| cisco | spa514g | - | |
| cisco | spa525_firmware | - | |
| cisco | spa525 | - | |
| cisco | spa525g_firmware | - | |
| cisco | spa525g | - | |
| cisco | spa525g2_firmware | - | |
| cisco | spa525g2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa500ds_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFBF9231-128E-4528-AAB9-75673CA4C525",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa500ds:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C7B9304-CCA9-41C0-A6B9-032DC923420C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa500s_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5E2A30-128B-4EE9-A232-9216D38E2A66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa500s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66B2A148-467A-4F10-945C-1F49A218BD4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa501g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22F20D5D-F409-400B-9A9B-6B243CA40525",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa501g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "73B67905-79ED-4771-B436-49868BA7C922",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa502g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "060BFBB6-B6F7-4C77-B572-DF37EDA0E4DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa502g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D371387F-C7CC-46BB-85E9-419EF97D2A00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa504g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D423B5-88EE-40A3-A9F3-240D9431B1D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa504g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3FE12AB-1CC7-450D-88F2-7B06C51DCE7C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa508g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF9F406D-1144-4B59-88A7-6A3157BAE785",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa508g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F38FDFF1-AD9D-40E1-A232-4B08AE0C4ABC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa509g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E3746023-AA04-4ACB-AFD0-3EB6556DA5BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa509g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7C04DA66-1516-40ED-B8AC-504F8B2B1E88",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa512g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8337AA54-2683-425F-A0E7-3637B65F15AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa512g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92A92FEE-7CB5-43B1-8AC3-00C077DD4A63",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa514g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE2B80D-E782-4CE0-8FB0-840BBA2C1DEE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa514g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "16C4089F-5B9F-4D69-8819-43B52309454F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa525_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4EF9778-0B64-4D42-AFEB-58F2B61AF085",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa525:-:*:*:*:*:*:*:*",
"matchCriteriaId": "452622A5-5A5A-40F2-AD69-4158FEA1309E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa525g_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1668FAAF-CFC0-4C42-B1A3-0649BD1CBCFD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa525g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5602EAB-6507-4B5B-A05B-4FED970B43D0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa525g2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E1DDD99-5739-4B61-B468-F40F3AC454FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa525g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58E0A339-CE89-4D27-B08D-BF151C9FF086",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"id": "CVE-2023-20181",
"lastModified": "2024-11-21T07:40:45.690",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-08-03T22:15:10.737",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-web-multi-7kvPmu2F"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-80"
}
],
"source": "psirt@cisco.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.