发布日期：2022-01-12
更新日期：2022-01-13

受影响系统：

Cisco Cisco IP Conference Phone 7832
Cisco Cisco IP Conference Phone 8832
Cisco Cisco IP Phones 8865
Cisco Cisco IP Phones 8861
Cisco Cisco IP Phones 8851
Cisco Cisco IP Phones 8845
Cisco Cisco IP Phones 8841
Cisco Cisco IP Phones 8811
Cisco Cisco IP Phones 7861
Cisco Cisco IP Phones 7841
Cisco Cisco IP Phones 7821
Cisco Cisco IP Phones 7811
Cisco Cisco Unified IP Conference Phone 8831 for Third-Party Call Cont
Cisco Cisco Unified IP Conference Phone 8831
Cisco Cisco Unified IP Phones 7975G
Cisco Cisco Unified IP Phones 7965G
Cisco Cisco Unified IP Phones 7945G
Cisco Cisco Unified SIP Phone 3905
Cisco Cisco Wireless IP Phones 8821-EX
Cisco Cisco Wireless IP Phones 8821

描述：

---

CVE(CAN) ID: CVE-2022-20660

Cisco IP Phone是思科的IP电话系列产品。
多款Cisco IP Phones存在信息泄露漏洞。该漏洞源于机密信息未进行加密存储。未经身份认证的攻击者可通过物理提取或访问闪存芯片利用该漏洞获得机密信息。

<*链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fR
*>

建议：

---

厂商补丁：

Cisco
-----
Cisco已经为此发布了一个安全公告（cisco-sa-ip-phone-info-disc-fRdJfOxA）以及相应补丁:
cisco-sa-ip-phone-info-disc-fRdJfOxA：Cisco IP Phones Information Disclosure Vulnerability
链接：https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-info-disc-fRdJfOxA

浏览次数：3548
严重程度：0（网友投票）