ZMC-2022.13.01.0900

Cisco IP Phones: Access confidential data - Console/physical

Operating System: [WIN][UNIX/LINUX]

Published: 13th January 2022


=========================================================================== 
                         ZMCIRT Vulnerability Bulletin

                             ZMC-2022.13.01.0900
                Cisco IP Phones: Access confidential data - Console/physical
                               13th January 2022

===========================================================================
Product:           Cisco IP Phones
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Access Confidential Data -- Console/Physical
Resolution:        Patch/Upgrade
CVE Names:         CVE-2022-20660  

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA

---------------------------BEGIN INCLUDED TEXT--------------------

Cisco IP Phones Information Disclosure Vulnerability

Priority:        Medium
Advisory ID:     cisco-sa-ip-phone-info-disc-fRdJfOxA
First Published: 2022 January 12 16:00 GMT
Version 1.0:     Final
Workarounds:     No workarounds available
Cisco Bug IDs:   CSCvy39035 CSCvy39054 CSCvy39055 CSCvy39057 CSCvy39058
                 CSCvy39059
CVE Names:       CVE-2022-20660
CWEs:            CWE-312

Summary

  o A vulnerability in the information storage architecture of several Cisco IP
    Phone models could allow an unauthenticated, physical attacker to obtain
    confidential information from an affected device.

    This vulnerability is due to unencrypted storage of confidential
    information on an affected device. An attacker could exploit this
    vulnerability by physically extracting and accessing one of the flash
    memory chips. A successful exploit could allow the attacker to obtain
    confidential information from the device, which could be used for
    subsequent attacks.

    Cisco has released software updates that address this vulnerability. There
    are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA

Affected Products

  o Vulnerable Products

    At the time of publication, this vulnerability affected the following Cisco
    products if they were running a vulnerable firmware release:

       IP Conference Phone 7832
       IP Conference Phone 8832
       IP Phones 7811, 7821, 7841, and 7861
       IP Phones 8811, 8841, 8845, 8851, 8861, and 8865
       Unified IP Conference Phone 8831
       Unified IP Conference Phone 8831 for Third-Party Call Control
       Unified IP Phones 7945G, 7965G, and 7975G
       Unified SIP Phone 3905
       Wireless IP Phones 8821 and 8821-EX

    For information about which Cisco software releases were vulnerable at the
    time of publication, see the Fixed Software section of this advisory. See
    the Details section in the bug ID(s) at the top of this advisory for the
    most complete and current information.

    Products Confirmed Not Vulnerable

    Only products listed in the Vulnerable Products section of this advisory
    are known to be affected by this vulnerability.

    Cisco has confirmed that this vulnerability does not affect the following
    Cisco products:

       ATA 190, 191, 192 Analog Telephone Adapters
       IP Conference Phone 7832 with Multiplatform Firmware
       IP Conference Phone 8832 with Multiplatform Firmware
       IP DECT 110 Repeater
       IP DECT 110 Repeater with Multiplatform Firmware
       IP Phone DECT 6800 Series with Multiplatform Firmware
       IP Phones 6821, 6841, 6851, 6861, and 6871 with Multiplatform Firmware
       IP Phones 7811, 7821, 7841, and 7861 with Multiplatform Firmware
       IP Phones 8811, 8841, 8845, 8851, 8861, and 8865 with Multiplatform
        Firmware
       Unified IP Phones 6901 and 6911
       Webex Desk Series devices
       Webex Room Phone
       Webex Share devices
       Webex Wireless Phones 840 and 860

Workarounds

  o There are no workarounds that address this vulnerability.

Fixed Software

  o When considering software upgrades, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded
    contain sufficient memory and confirm that current hardware and software
    configurations will continue to be supported properly by the new release.
    If the information is not clear, customers are advised to contact the Cisco
    Technical Assistance Center (TAC) or their contracted maintenance
    providers.

    Fixed Releases

    At the time of publication, the release information in the following
    table(s) was accurate. See the Details section in the bug ID(s) at the top
    of this advisory for the most complete and current information.

    The left column lists Cisco software releases, and the right column
    indicates whether a release was affected by the vulnerability described in
    this advisory and which release included the fix for this vulnerability.

    +--------------------------------------------------+------------+--------------------------------+
    | Cisco Product                                    | Cisco Bug  | First Fixed Release            |
    |                                                  | ID         |                                |
    +--------------------------------------------------+------------+--------------------------------+
    | IP Conference Phone 7832                         | CSCvy39057 | 14.1(1)                        |
    | IP Conference Phone 8832                         |            |                                |
    | IP Phones 7811, 7821, 7841, and 7861             |            |                                |
    | IP Phones 8811, 8841, 8845, 8851, 8861, and 8865 |            |                                |
    +--------------------------------------------------+------------+--------------------------------+
    | Unified IP Conference Phone 8831                 | CSCvy39054 | End of software maintenance.   |
    | Unified IP Conference Phone 8831 for Third-Party |            | No fix available. See the next |
    | Call Control                                     |            | section.                       |
    +--------------------------------------------------+------------+--------------------------------+
    | Unified IP Phones 7945G, 7965G, and 7975G        | CSCvy39059 | End of software maintenance.   |
    |                                                  |            | No fix available. See the next |
    |                                                  |            | section.                       |
    +--------------------------------------------------+------------+--------------------------------+
    | Unified SIP Phone 3905                           | CSCvy39055 | 9.4(1)SR5                      |
    +--------------------------------------------------+------------+--------------------------------+
    | Wireless IP Phones 8821 and 8821-EX              | CSCvy39058 | 11.0(6)SR2                     |
    +--------------------------------------------------+------------+--------------------------------+


    Unified IP Conference Phone 8831 and 8831 for Third-Party Call Control and
    Unified IP Phones 7945G, 7965G, and 7975G

    Cisco has not released and will not release firmware updates to address the
    vulnerability described in this advisory. The Cisco Unified IP Conference
    Phone 8831 and 8831 for Third-Party Call Control as well as Cisco Unified
    IP Phones 7945G, 7965G, and 7975G have entered the end-of-life process.
    Customers are advised to refer to the end-of-life notices for these
    products:

    End-of-Sale and End-of-Life Announcement for the Cisco IP Conference Phone
    8831 for on-premise and accessories
    End-of-Sale and End-of-Life Announcement for the Cisco IP Conference Phone
    8831 for Multiplatform Phones and Accessories
    End-of-Sale and End-of-Life Announcement for the Cisco Unified IP Phones
    7945, 7965, 7975 and 7916

    Customers are encouraged to migrate to the products listed in the
    end-of-life notices.

    When considering a device migration, customers are advised to regularly
    consult the advisories for Cisco products, which are available from the
    Cisco Security Advisories page, to determine exposure and a complete
    upgrade solution.

    In all cases, customers should ensure that the new device will be
    sufficient for their network needs, the new devices contain sufficient
    memory, and that current hardware and software configurations will continue
    to be supported properly by the new product. If the information is not
    clear, customers are advised to contact the Cisco Technical Assistance
    Center (TAC) or their contracted maintenance providers.

    The Cisco Product Security Incident Response Team (PSIRT) validates only
    the affected and fixed release information that is documented in this
    advisory.
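To turn the fixed-release table above into a repeatable fleet check, here is an added Python example (not Cisco's or ZMCIRT's code). It transcribes the First Fixed Release column, parses Cisco's release notation as printed in the advisory (major.minor(build) with an optional SRn service-release suffix, assumed here to sort above the base release) and classifies each phone as fixed, upgrade or migrate. The model keys, the sample inventory and the assumption that a phone's running release has already been mapped to this notation (the firmware load name shown on the phone uses a different scheme) are constructions of this example.

```python
import re
from typing import Dict, Optional, Tuple

# First Fixed Release column of the advisory, keyed by model number (assumed keys).
# None = end of software maintenance: Cisco will not ship a fix, so migrate instead.
FIRST_FIXED: Dict[str, Optional[str]] = {
    "7832": "14.1(1)", "8832": "14.1(1)",
    "7811": "14.1(1)", "7821": "14.1(1)", "7841": "14.1(1)", "7861": "14.1(1)",
    "8811": "14.1(1)", "8841": "14.1(1)", "8845": "14.1(1)",
    "8851": "14.1(1)", "8861": "14.1(1)", "8865": "14.1(1)",
    "8831": None, "7945G": None, "7965G": None, "7975G": None,
    "3905": "9.4(1)SR5",
    "8821": "11.0(6)SR2", "8821-EX": "11.0(6)SR2",
}

_RELEASE = re.compile(r"^(\d+)\.(\d+)\((\d+)\)(?:SR(\d+))?$")  # 14.1(1), 9.4(1)SR5, 11.0(6)SR2

def parse_release(release: str) -> Tuple[int, int, int, int]:
    """Map '11.0(6)SR2' to (11, 0, 6, 2). A missing SR suffix sorts as SR0,
    so 9.4(1) < 9.4(1)SR5 (assumption: service releases build on the base)."""
    m = _RELEASE.match(release.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {release!r}")
    major, minor, build, sr = m.groups()
    return int(major), int(minor), int(build), int(sr or 0)

def assess(model: str, running: str) -> str:
    """Classify one phone: 'not-listed', 'migrate', 'upgrade' or 'fixed'."""
    if model not in FIRST_FIXED:
        return "not-listed"          # not in the advisory's vulnerable list
    fixed = FIRST_FIXED[model]
    if fixed is None:
        return "migrate"             # end-of-life hardware, no firmware fix coming
    return "fixed" if parse_release(running) >= parse_release(fixed) else "upgrade"

def assess_inventory(inventory: Dict[str, Tuple[str, str]]) -> Dict[str, str]:
    """Run assess() over {hostname: (model, running_release)} and return only
    the phones that still need action ('upgrade' or 'migrate')."""
    verdicts = {host: assess(model, rel) for host, (model, rel) in inventory.items()}
    return {h: v for h, v in verdicts.items() if v in ("upgrade", "migrate")}

if __name__ == "__main__":
    # Constructed sample inventory, not real data.
    sample = {"lobby-phone": ("7841", "12.8(1)"), "boardroom": ("8831", "10.3(1)"),
              "warehouse": ("8821", "11.0(6)SR2"), "reception": ("6841", "11.3(1)")}
    for host, verdict in assess_inventory(sample).items():
        print(f"{host}: {verdict}")
```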

Exploitation and Public Announcements

  o The Cisco PSIRT is not aware of any public announcements or malicious use
    of the vulnerability that is described in this advisory.

Source

  o Cisco would like to thank Gerhard Hechenberger and Steffen Robertz of the
    SEC Consult Vulnerability Lab for reporting this vulnerability.

Cisco Security Vulnerability Policy

  o To learn about Cisco security vulnerability disclosure policies and
    publications, see the Security Vulnerability Policy. This document also
    contains instructions for obtaining fixed software and receiving security
    vulnerability information from Cisco.

URL

  o https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA

Revision History

  o +----------+---------------------------+----------+--------+--------------+
    | Version  |        Description        | Section  | Status |     Date     |
    +----------+---------------------------+----------+--------+--------------+
    | 1.0      | Initial public release.   | -        | Final  | 2022-JAN-12  |
    +----------+---------------------------+----------+--------+--------------+

 
ZMCIRT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. ZMCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Internet Email: report@cirt.zm     
Telephone:     7070 
                ZMCIRT personnel answer during Zambian business hours 
                which are 8am to 5pm.
                On call after hours for member emergencies only.
===========================================================================

Copyright @2023 ZAMBIA CIRT