CVE-2025-20336

{"id": "CVE-2025-20336", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-09-03T18:15:34.637", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-write-g3kcC5Df", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability exists because the product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. An attacker could exploit this vulnerability by sending a crafted packet to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information from the device.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default."}], "lastModified": "2026-01-05T14:49:30.253", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:desk_phone_9841_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF49016B-CAE6-4DE4-8449-04869029360B", "versionEndExcluding": "3.3\\(1\\)", "versionStartIncluding": "3.0\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:desk_phone_9841:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8176E19D-B625-4891-9018-F42228F1266B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:desk_phone_9851_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "643F71B7-91EF-433B-A4EE-DC0A4D7ABF03", "versionEndExcluding": "3.3\\(1\\)", "versionStartIncluding": "3.0\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:desk_phone_9851:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "713F43A6-745A-4DAB-AD2D-3139E9E5C1A0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:desk_phone_9861_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B218261-3865-4179-A775-2DCF37C713C8", "versionEndExcluding": "3.3\\(1\\)", "versionStartIncluding": "3.0\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:desk_phone_9861:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8D01D5F-4EAE-4547-AB41-44F7885491C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:desk_phone_9871_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45174807-089C-4E3C-9C02-1D6D8708BC49", "versionEndExcluding": "3.3\\(1\\)", "versionStartIncluding": "3.0\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:desk_phone_9871:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D14CF47-7581-40E5-91A1-AC6BB5137358"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0C291D5-EEF2-4CEF-9C2D-E4F067AEE5A5", "versionEndExcluding": "14.3\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B27034E5-2F4B-4210-8A80-6A6362F8C980"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "965852CD-DBCC-4AAE-AD00-C29B0933005D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C71D54E-2D4A-4AA7-8E93-33214794B0B2", "versionEndExcluding": "14.3\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC626E90-9019-4180-BE62-047B9864C34E"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B747AA4-D45A-4A8E-BEB1-533CF085D1F8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D27D332-69A3-4CFF-AE61-AAA6B31FAFC1", "versionEndExcluding": "14.3\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3E84980-7697-4479-A2E9-18E4BF3B991E"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88926FA9-41A2-4ECE-992F-B4200694BC7D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2072265-6A36-4DB7-8722-C288AFA695FB", "versionEndExcluding": "14.3\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80A9D20F-985B-4500-94A8-05DECE565C20"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11F0AAF5-913C-4FC2-9345-21F713985F24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D70C616-D775-41EB-BC7D-113F817B22EA", "versionEndExcluding": "14.3\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "967D674B-9925-4AE7-AED6-751046960403"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C379DA9E-FEEE-468E-BBE2-7EF498010B30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "371ABCD4-DF50-4815-B02C-38D0505874FD", "versionEndExcluding": "14.3\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CEBC653-2CED-4B2D-9890-B789F33DFE8B"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62BAFED6-BDE9-47FA-A632-7920A4AD32B3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50A18EDF-71F8-4B26-B5E7-1742831695E4", "versionEndExcluding": "14.3\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1B44331-2BA1-402E-9317-8A3C97B646C6"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F716386E-44D5-462C-8FB5-FEF754256BC9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C56F335-2124-4806-8F30-9C67367BB44D", "versionEndExcluding": "14.3\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CE7C15E-BD09-40C4-8187-7E523BFC0899"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24DD015B-C863-4F9C-8B97-729272586D87"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8851nr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D47B048-D47B-45E1-BD25-C19A6B7CC55A", "versionEndExcluding": "14.3\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8851nr_firmware:14.3\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "247B120C-20A0-4F0D-B9E6-C252ECF6194C"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8851nr_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FD5202B-453C-49E1-A6CD-810C033380BA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8851nr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "23BB2274-7668-4B80-9FF2-EC724C44685B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "196320B1-DC92-4D24-A34F-C1287B8382BE", "versionEndExcluding": "14.3\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6AD2886B-D249-4B2C-933F-1E81889FB9F6"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63457A22-1F0D-4E01-8D6D-EDAD920E8BE5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A5C0983-4639-48E7-BE52-E69629EB802B", "versionEndExcluding": "14.3\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B1CAB0B-ACB7-4AE1-B21C-FEC8D57F490E"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:14.3\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C207966D-C755-455F-B266-02FAD5CD3412"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C76337A0-E138-4227-A0F1-9CF635EECC14", "versionEndExcluding": "2.3\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E930C776-5D3B-4F40-9F38-A8135AA6D9CB", "versionEndExcluding": "3.3\\(1\\)", "versionStartIncluding": "3.0\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41019D10-27B9-4DA6-9DF3-780D0A7EE75C"}, {"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "690E8866-FF2F-4C72-8510-1E587B535A42"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CC9019DD-6941-42F3-8B66-1F3CDDDA86E7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54AA3288-EAFA-41FB-9532-9BA69C03F130", "versionEndExcluding": "11.0\\(6\\)"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBB24293-E296-4ABC-A887-09B741702F09"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A82BD02-5781-489F-8112-DA59E998F36A"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DED54C3-AB49-4030-98C3-4D4BD3D220D2"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9C7E266-6BA9-47EB-AF37-0A948C780D5D"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FC9887F-0F65-4FA5-95A4-95BAB70C03FE"}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(6\\):sr6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "097229AD-1840-4AB3-8120-0261DCA50986"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8821:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "36C99E0B-0383-4CB3-B325-EC0F3D57D39D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@cisco.com"}