CVE-2023-20218
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a user's browser.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks.
Cisco will not release software updates that address this vulnerability.
{{value}} ["%7b%7bvalue%7d%7d"])}]]
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco Small Business IP Phones | 7.6.0 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR3 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR6 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR2 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR4 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR1 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR5 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.2SR7 | affected |
| Cisco | Cisco Small Business IP Phones | 7.6.1 | affected |
| Cisco | Cisco Small Business IP Phones | 7.3.7 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.5 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.6(XU) | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.2 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.2a | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.7 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.3 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.6 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.2b | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.6c | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.6a | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.7s | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.1 | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.5a | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.5b | affected |
| Cisco | Cisco Small Business IP Phones | 7.5.4 | affected |
| Cisco | Cisco Small Business IP Phones | 7.4.7 | affected |
| Cisco | Cisco Small Business IP Phones | 7.4.4 | affected |
| Cisco | Cisco Small Business IP Phones | 7.4.8 | affected |
| Cisco | Cisco Small Business IP Phones | 7.4.3 | affected |
| Cisco | Cisco Small Business IP Phones | 7.4.9 | affected |
| Cisco | Cisco Small Business IP Phones | 7.4.6 | affected |
Weaknesses
- CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.