A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability.
References
Link | Resource |
---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
Configuration 9 (hide)
AND |
|
Configuration 10 (hide)
AND |
|
Configuration 11 (hide)
AND |
|
History
27 Jun 2022, 18:36
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-338 | |
First Time |
Cisco unified Ip Phone 8941
Cisco unified Ip Phone 6945 Cisco unified Ip Phone 6941 Firmware Cisco unified Ip Phone 6921 Cisco unified Ip Phone 6911 Cisco unified Ip Phone 9951 Firmware Cisco unified Ip Phone 6921 Firmware Cisco unified Ip Phone 8941 Firmware Cisco unified Ip Phone 8961 Cisco unified Ip Phone 6961 Firmware Cisco unified Ip Phone 9951 Cisco ata 187 Analog Telephone Adapter Cisco ata 187 Analog Telephone Adapter Firmware Cisco unified Ip Phone 8945 Cisco unified Ip Phone 9971 Cisco unified Ip Phone 6911 Firmware Cisco unified Ip Phone 6945 Firmware Cisco unified Ip Phone 8945 Firmware Cisco Cisco unified Ip Phone 8961 Firmware Cisco unified Ip Phone 6941 Cisco unified Ip Phone 9971 Firmware Cisco unified Ip Phone 6961 |
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 7.4 |
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cp6901-dup-cert-82jdJGe4 - Vendor Advisory | |
CPE | cpe:2.3:h:cisco:unified_ip_phone_9951:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:unified_ip_phone_8945:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:unified_ip_phone_6961:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:unified_ip_phone_6921_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:unified_ip_phone_8945_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:unified_ip_phone_6911_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:ata_187_analog_telephone_adapter_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:unified_ip_phone_6945:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:unified_ip_phone_6961_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:ata_187_analog_telephone_adapter:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:unified_ip_phone_8961:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:unified_ip_phone_8961_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:unified_ip_phone_6945_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:unified_ip_phone_9971_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:unified_ip_phone_8941_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:unified_ip_phone_6911:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:unified_ip_phone_6941:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:unified_ip_phone_6941_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:unified_ip_phone_6921:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:unified_ip_phone_9971:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:unified_ip_phone_9951_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:unified_ip_phone_8941:-:*:*:*:*:*:*:* |
15 Jun 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-06-15 18:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-20817
Mitre link : CVE-2022-20817
CVE.ORG link : CVE-2022-20817
JSON object : View
Products Affected
cisco
- unified_ip_phone_6945_firmware
- ata_187_analog_telephone_adapter
- unified_ip_phone_8961
- unified_ip_phone_8941_firmware
- unified_ip_phone_6911_firmware
- unified_ip_phone_9971
- unified_ip_phone_6961
- unified_ip_phone_8945_firmware
- unified_ip_phone_8945
- unified_ip_phone_6941_firmware
- unified_ip_phone_6961_firmware
- unified_ip_phone_6921
- unified_ip_phone_6911
- ata_187_analog_telephone_adapter_firmware
- unified_ip_phone_6921_firmware
- unified_ip_phone_8961_firmware
- unified_ip_phone_9971_firmware
- unified_ip_phone_9951
- unified_ip_phone_6941
- unified_ip_phone_6945
- unified_ip_phone_9951_firmware
- unified_ip_phone_8941
CWE
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)