CVE-2023-20265

A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device.

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:cisco:ip_dect_110_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_dect_110:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:cisco:ip_dect_210_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:ip_dect_210:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:cisco:unified_ip_phone_6901_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_ip_phone_6901:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:cisco:unified_sip_phone_3905_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:unified_sip_phone_3905:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-11-21 19:15

Updated : 2024-01-25 17:15

NVD link : CVE-2023-20265

Mitre link : CVE-2023-20265

CVE.ORG link : CVE-2023-20265

JSON object : View

Products Affected

cisco

ip_dect_110
ip_dect_110_firmware
unified_ip_phone_6901_firmware
unified_ip_phone_6901
unified_sip_phone_3905_firmware
unified_sip_phone_3905
ip_dect_210_firmware
ip_dect_210

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2023-20265", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2023-11-21T19:15:08.747", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uipphone-xss-NcmUykqA", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid credentials to access the web-based management interface of the affected device."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de un peque\u00f1o subconjunto de Cisco IP Phones podr\u00eda permitir que un atacante remoto autenticado lleve a cabo un ataque de cross-site scripting (XSS) almacenado contra un usuario de la interfaz en un dispositivo afectado. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario de una interfaz afectada para que vea una p\u00e1gina que contenga HTML o script maliciosos. Un exploit exitoso podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador. Para aprovechar esta vulnerabilidad, el atacante debe tener credenciales v\u00e1lidas para acceder a la interfaz de administraci\u00f3n basada en web del dispositivo afectado."}], "lastModified": "2024-01-25T17:15:42.363", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_dect_110_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17BA3030-4791-4937-911A-0FA625BE4CFF", "versionEndExcluding": "5.1.2sr1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_dect_110:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E36E9DA-BF30-42FB-9B6C-40C39DDA9473"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_dect_210_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C7C4EDF-AAE1-424A-A64D-B794611E9571", "versionEndExcluding": "5.1.2sr1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_dect_210:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B6E163D-94B8-453B-8189-804A7C1DE8DA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_phone_6901_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "489B785B-BCC7-4D75-9A04-081CDCC49603", "versionEndExcluding": "9.3\\(1\\)sr3", "versionStartIncluding": "9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_phone_6901:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "12C78A9E-35FA-4CC7-B51F-25133B3D6DA9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_sip_phone_3905_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A15605C-714B-4876-8C37-40A8C4A10ECA", "versionEndExcluding": "9.4\\(1\\)sr4", "versionStartIncluding": "9.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_sip_phone_3905:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "14E1313A-F2D4-4F40-BC50-2D1BA2BBB4C7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}