Cisco Session Initiation Protocol Software up to 14.3(1)SR1 Request access control

Summaryinfo

A vulnerability was found in Cisco Session Initiation Protocol Software. It has been classified as critical. Affected by this issue is some unknown functionality of the component Request Handler. This manipulation causes access control. This vulnerability is handled as CVE-2025-20335. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

Detailsinfo

A vulnerability has been found in Cisco Session Initiation Protocol Software and classified as critical. Affected by this vulnerability is an unknown code block of the component Request Handler. The manipulation with an unknown input leads to a access control vulnerability. The CWE definition for the vulnerability is CWE-284. The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

A vulnerability in the directory permissions of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to perform arbitrary file writes to specific directories in the underlying operating system. Note: To exploit this vulnerability, Web Access must be enabled on the phone. Web Access is disabled by default.

It is possible to read the advisory at sec.cloudapps.cisco.com. This vulnerability is known as CVE-2025-20335 since 10/10/2024. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 09/04/2025). The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.

Upgrading eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2025-1958). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Affected

• Cisco IP Phone

Productinfo

Vendor

• Cisco

Name

• Session Initiation Protocol Software

Version

• 2.0(1)
• 2.1(1)
• 2.2(1)
• 2.3(1)
• 2.3(1)SR1
• 3.0(1)
• 3.1(1)
• 3.1(1)SR1
• 3.2(1)
• 9.3(3)
• 10.1(1)SR1
• 10.1(1)SR2
• 10.1(1.9)
• 10.2(1)
• 10.2(1)SR1
• 10.2(2)
• 10.3(1)
• 10.3(1)SR1
• 10.3(1)SR2
• 10.3(1)SR3
• 10.3(1)SR4
• 10.3(1)SR4b
• 10.3(1)SR5
• 10.3(1)SR6
• 10.3(1)SR7
• 10.3(2)
• 11-0-1MSR1-1
• 11.0(0.7) MPP
• 11.0(1)
• 11.0(2)
• 11.0(2)SR1
• 11.0(2)SR2
• 11.0(3)
• 11.0(3)SR1
• 11.0(3)SR2
• 11.0(3)SR3
• 11.0(3)SR4
• 11.0(3)SR5
• 11.0(3)SR6
• 11.0(4)
• 11.0(4)SR1
• 11.0(4)SR2
• 11.0(4)SR3
• 11.0(5)
• 11.0(5)SR1
• 11.0(5)SR2
• 11.0(5)SR3
• 11.0(6)
• 11.0(6)SR1
• 11.0(6)SR2
• 11.0(6)SR4
• 11.0(6)SR5
• 11.0(6)SR6
• 11.5(1)
• 11.5(1)SR1
• 11.7(1)
• 12.0(1)
• 12.0(1)SR1
• 12.0(1)SR2
• 12.0(1)SR3
• 12.1(1)
• 12.1(1)SR1
• 12.5(1)
• 12.5(1)SR1
• 12.5(1)SR2
• 12.5(1)SR3
• 12.6(1)
• 12.6(1)SR1
• 12.7(1)
• 12.7(1)SR1
• 12.8(1)
• 12.8(1)SR1
• 12.8(1)SR2
• 14.0(1)
• 14.0(1)SR1
• 14.0(1)SR2
• 14.0(1)SR3
• 14.1(1)
• 14.1(1)SR1
• 14.1(1)SR2
• 14.1(1)SR3
• 14.2(1)
• 14.2(1)SR1
• 14.2(1)SR2
• 14.2(1)SR3
• 14.2(1)SR4
• 14.3(1)
• 14.3(1)SR1

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔒
• 🔒
• 🔒

CPE 2.2info

• 🔒
• 🔒
• 🔒

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion