What is CVE-2020-3360?

CVE-2020-3360 is a medium-severity vulnerability in Cisco Ip Phone 8800 Series Software, classified under Information Disclosure. CVSS score: 5.3/10. Published 2020-06-18.

How severe is CVE-2020-3360?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Auth bypass in Cisco Ip Phone 8800 Series Software

CVE-2020-3360

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access contr…

Vulnerability class: Information Disclosure

EPSS: 0.013 (65.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Cisco Ip Phone 8800 Series Software — versions n/a
Cisco Unified_ip_phone_6901
Cisco Unified_ip_phone_6901_firmware
Cisco Unified_ip_phone_6911
Cisco Unified_ip_phone_6911_firmware
Cisco Unified_ip_phone_6921
Cisco Unified_ip_phone_6921_firmware
Cisco Unified_ip_phone_6941
Cisco Unified_ip_phone_6941_firmware
Cisco Unified_ip_phone_6945

Weakness classification (CWE)

CWE-200 — Information Disclosure
CWE-863 — Incorrect Authorization

References

psirt@cisco.com (x_refsource_CISCO, vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2020-3360?: CVE-2020-3360 is a medium-severity vulnerability in Cisco Ip Phone 8800 Series Software, classified under Information Disclosure. CVSS score: 5.3/10. Published 2020-06-18.
How severe is CVE-2020-3360?: Medium severity. CVSS v3 base score is 5.3 out of 10.