Cleartext storage of sensitive information in Cisco Systems, Inc products - CVE-2022-20660

 

Published: January 24, 2022


Vulnerability identifier: #VU59961
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-20660
CWE-ID: CWE-312
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Cisco Unified IP Conference Phone 8831
Cisco Unified IP Conference Phone 8831 for Third-Party Call Control
Unified IP Phone 7945G
Unified IP Phone 7965G
Unified IP Phone 7975G
Cisco IP Conference Phone 7832
Cisco IP Conference Phone 8832
Cisco IP Phone 7811
Cisco IP Phone 7821
Cisco IP Phone 7841
Cisco IP Phone 7861
Cisco IP Phone 8811
Cisco IP Phone 8841
Cisco IP Phone 8845
Cisco IP Phone 8851
Unified SIP Phone 3905
Cisco Wireless IP Phone 8821
Cisco Wireless IP Phone 8821-EX
Cisco IP Phone 8861
Cisco IP Phone 8865
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to unencrypted storage of confidential information. An attacker with physical access can obtain confidential information from the device.


Remediation

Install updates from the vendor's website.
