Description

A vulnerability in the debug shell of Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series could allow an authenticated, local attacker to access sensitive information on an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials with SSH access on the affected device. SSH access is disabled by default. This vulnerability is due to insufficient validation of user-supplied input by the debug shell of an affected device. An attacker could exploit this vulnerability by sending a crafted SSH client command to the CLI. A successful exploit could allow the attacker to access sensitive information on the underlying operating system.

INFO

Published Date :

2025-02-19T16:06:00.812Z

Last Modified :

2025-02-19T16:22:29.304Z

Source :

cisco
AFFECTED PRODUCTS

The following products are affected by CVE-2025-20158 vulnerability.

Vendors Products
Cisco
  • Desk Phone 9841
  • Desk Phone 9841 Firmware
  • Desk Phone 9851
  • Desk Phone 9851 Firmware
  • Desk Phone 9861
  • Desk Phone 9861 Firmware
  • Desk Phone 9871
  • Desk Phone 9871 Firmware
  • Video Phone 8875
  • Video Phone 8875 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-20158.

URL Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-info-disc-YyxsWStK cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact