What is CVE-2022-20660?

CVE-2022-20660 is a medium-severity vulnerability in Cisco Session Initiation Protocol (Sip) Software, classified under Cleartext Storage of Sensitive Information. CVSS score: 4.6/10. Published 2022-01-14.

How severe is CVE-2022-20660?

Medium severity. CVSS v3 base score is 4.6 out of 10.

Vulnerability in Cisco Session Initiation Protocol (Sip) Software

CVE-2022-20660

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device. This vulnerability is due to unencrypted…

EPSS: 0.001 (24.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.6 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Cisco Session Initiation Protocol (Sip) Software — versions n/a

Weakness classification (CWE)

CWE-312 — Cleartext Storage of Sensitive Information

References

20220113 Cisco IP Phones Information Disclosure Vulnerability (vendor-advisory, x_refsource_CISCO)
20220114 SEC Consult SA-20220113-0 :: Cleartext Storage of Phone Password in Cisco IP Phones (mailing-list, x_refsource_FULLDISC)
packetstormsecurity.com/files/165567/Cisco-IP-Phone-Cleartext-Password-Storage… (x_refsource_MISC)

Frequently asked questions

What is CVE-2022-20660?: CVE-2022-20660 is a medium-severity vulnerability in Cisco Session Initiation Protocol (Sip) Software, classified under Cleartext Storage of Sensitive Information. CVSS score: 4.6/10. Published 2022-01-14.
How severe is CVE-2022-20660?: Medium severity. CVSS v3 base score is 4.6 out of 10.