Cleartext storage of sensitive information in Cisco Systems, Inc products - CVE-2022-20660

 

Cleartext storage of sensitive information in Cisco Systems, Inc products - CVE-2022-20660

Published: January 24, 2022


Vulnerability identifier: #VU59961
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-20660
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Cisco Systems, Inc
Affected software:
Cisco Unified IP Conference Phone 8831
Cisco Unified IP Conference Phone 8831 for Third-Party Call Control
Unified IP Phone 7945G
Unified IP Phone 7965G
Unified IP Phone 7975G
Cisco IP Conference Phone 7832
Cisco IP Conference Phone 8832
Cisco IP Phone 7811
Cisco IP Phone 7821
Cisco IP Phone 7841
Cisco IP Phone 7861
Cisco IP Phone 8811
Cisco IP Phone 8841
Cisco IP Phone 8845
Cisco IP Phone 8851
Unified SIP Phone 3905
Cisco Wireless IP Phone 8821
Cisco Wireless IP Phone 8821-EX
Cisco IP Phone 8861
Cisco IP Phone 8865

Detailed vulnerability description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to unencrypted storage of confidential information. An attacker with physical access can obtain confidential information from the device.


How to mitigate CVE-2022-20660

Install updates from vendor's website.

Sources