What is CVE-2023-20018?

CVE-2023-20018 is a high-severity vulnerability in Cisco Session Initiation Protocol (Sip) Software, classified under Authentication Bypass Using an Alternate Path or Channel. CVSS score: 8.6/10. Published 2023-01-19.

How severe is CVE-2023-20018?

High severity. CVSS v3 base score is 8.6 out of 10.

Vulnerability in Cisco Session Initiation Protocol (Sip) Software

CVE-2023-20018

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to insufficien…

EPSS: 0.004 (59.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H.

Affected products

Cisco Session Initiation Protocol (Sip) Software — versions 9.3(4) 3rd Party, 9.3(4)SR3 3rd Party, 9.3(4)SR1 3rd Party

Weakness classification (CWE)

CWE-288 — Authentication Bypass Using an Alternate Path or Channel

References

cisco-sa-ip-phone-auth-bypass-pSqxZRPR

Frequently asked questions

What is CVE-2023-20018?: CVE-2023-20018 is a high-severity vulnerability in Cisco Session Initiation Protocol (Sip) Software, classified under Authentication Bypass Using an Alternate Path or Channel. CVSS score: 8.6/10. Published 2023-01-19.
How severe is CVE-2023-20018?: High severity. CVSS v3 base score is 8.6 out of 10.