Vulnerability-Lookup

CVE-2024-20376 (GCVE-0-2024-20376)

Vulnerability from cvelistv5 – Published: 2024-05-01 16:43 – Updated: 2024-08-01 21:59

Summary

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-787 - Out-of-bounds Write

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

Vendor

Product

Version

Cisco

Cisco IP Phones with Multiplatform Firmware

Affected: 11.3.1 MSR2-6
Affected: 11.3.1 MSR3-3
Affected: 11.3.2
Affected: 11.3.3
Affected: 11.3.1 MSR4-1
Affected: 11.3.4
Affected: 11.3.5
Affected: 11.3.3 MSR2
Affected: 11.3.3 MSR1
Affected: 11.3.6
Affected: 11-3-1MPPSR4UPG
Affected: 11.3.7
Affected: 11-3-1MSR2UPG
Affected: 11.3.6SR1
Affected: 11.3.7SR1
Affected: 11.3.7SR2
Affected: 11.0.0
Affected: 11.0.1
Affected: 11.0.1 MSR1-1
Affected: 11.0.2
Affected: 11.1.1
Affected: 11.1.1 MSR1-1
Affected: 11.1.1 MSR2-1
Affected: 11.1.2
Affected: 11.1.2 MSR1-1
Affected: 11.1.2 MSR3-1
Affected: 11.2.1
Affected: 11.2.2
Affected: 11.2.3
Affected: 11.2.3 MSR1-1
Affected: 11.2.4
Affected: 11.3.1
Affected: 11.3.1 MSR1-3
Affected: 4.5
Affected: 4.6 MSR1
Affected: 4.7.1
Affected: 4.8.1
Affected: 4.8.1 SR1
Affected: 5.0.1
Affected: 12.0.1
Affected: 12.0.2
Affected: 12.0.3
Affected: 12.0.3SR1
Affected: 12.0.4
Affected: 5.1.1
Affected: 5.1.2
Affected: 5.1(2)SR1

Cisco

Cisco PhoneOS

Affected: 1.0.1
Affected: 2.1.1
Affected: 2.0.1
Affected: 2.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_6871_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_6821_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_6851_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_7821_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_6861_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_6825_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_6841_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_7811_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_7841_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_7861_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip_phone_8800_series_with_multiplatform_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "video_phone_8875_firmware",
            "vendor": "cisco",
            "versions": [
              {
                "lessThanOrEqual": "12.0.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20376",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-01T20:50:33.825806Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T13:47:10.312Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T21:59:42.187Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP Phones with Multiplatform Firmware",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "11.3.1 MSR2-6"
            },
            {
              "status": "affected",
              "version": "11.3.1 MSR3-3"
            },
            {
              "status": "affected",
              "version": "11.3.2"
            },
            {
              "status": "affected",
              "version": "11.3.3"
            },
            {
              "status": "affected",
              "version": "11.3.1 MSR4-1"
            },
            {
              "status": "affected",
              "version": "11.3.4"
            },
            {
              "status": "affected",
              "version": "11.3.5"
            },
            {
              "status": "affected",
              "version": "11.3.3 MSR2"
            },
            {
              "status": "affected",
              "version": "11.3.3 MSR1"
            },
            {
              "status": "affected",
              "version": "11.3.6"
            },
            {
              "status": "affected",
              "version": "11-3-1MPPSR4UPG"
            },
            {
              "status": "affected",
              "version": "11.3.7"
            },
            {
              "status": "affected",
              "version": "11-3-1MSR2UPG"
            },
            {
              "status": "affected",
              "version": "11.3.6SR1"
            },
            {
              "status": "affected",
              "version": "11.3.7SR1"
            },
            {
              "status": "affected",
              "version": "11.3.7SR2"
            },
            {
              "status": "affected",
              "version": "11.0.0"
            },
            {
              "status": "affected",
              "version": "11.0.1"
            },
            {
              "status": "affected",
              "version": "11.0.1 MSR1-1"
            },
            {
              "status": "affected",
              "version": "11.0.2"
            },
            {
              "status": "affected",
              "version": "11.1.1"
            },
            {
              "status": "affected",
              "version": "11.1.1 MSR1-1"
            },
            {
              "status": "affected",
              "version": "11.1.1 MSR2-1"
            },
            {
              "status": "affected",
              "version": "11.1.2"
            },
            {
              "status": "affected",
              "version": "11.1.2 MSR1-1"
            },
            {
              "status": "affected",
              "version": "11.1.2 MSR3-1"
            },
            {
              "status": "affected",
              "version": "11.2.1"
            },
            {
              "status": "affected",
              "version": "11.2.2"
            },
            {
              "status": "affected",
              "version": "11.2.3"
            },
            {
              "status": "affected",
              "version": "11.2.3 MSR1-1"
            },
            {
              "status": "affected",
              "version": "11.2.4"
            },
            {
              "status": "affected",
              "version": "11.3.1"
            },
            {
              "status": "affected",
              "version": "11.3.1 MSR1-3"
            },
            {
              "status": "affected",
              "version": "4.5"
            },
            {
              "status": "affected",
              "version": "4.6 MSR1"
            },
            {
              "status": "affected",
              "version": "4.7.1"
            },
            {
              "status": "affected",
              "version": "4.8.1"
            },
            {
              "status": "affected",
              "version": "4.8.1 SR1"
            },
            {
              "status": "affected",
              "version": "5.0.1"
            },
            {
              "status": "affected",
              "version": "12.0.1"
            },
            {
              "status": "affected",
              "version": "12.0.2"
            },
            {
              "status": "affected",
              "version": "12.0.3"
            },
            {
              "status": "affected",
              "version": "12.0.3SR1"
            },
            {
              "status": "affected",
              "version": "12.0.4"
            },
            {
              "status": "affected",
              "version": "5.1.1"
            },
            {
              "status": "affected",
              "version": "5.1.2"
            },
            {
              "status": "affected",
              "version": "5.1(2)SR1"
            }
          ]
        },
        {
          "product": "Cisco PhoneOS",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.1"
            },
            {
              "status": "affected",
              "version": "2.1.1"
            },
            {
              "status": "affected",
              "version": "2.0.1"
            },
            {
              "status": "affected",
              "version": "2.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.  \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "Out-of-bounds Write",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-01T16:43:15.553Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
        }
      ],
      "source": {
        "advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
        "defects": [
          "CSCwi64103",
          "CSCwi64077"
        ],
        "discovery": "EXTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20376",
    "datePublished": "2024-05-01T16:43:15.553Z",
    "dateReserved": "2023-11-08T15:08:07.655Z",
    "dateUpdated": "2024-08-01T21:59:42.187Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS\", \"name\": \"cisco-sa-ipphone-multi-vulns-cXAhCvS\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:59:42.187Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-20376\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-01T20:50:33.825806Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_6871_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_6821_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_6851_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_7821_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_6861_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_6825_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_6841_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_7811_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_7841_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_7861_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_8800_series_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"video_phone_8875_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-01T20:52:27.301Z\"}}], \"cna\": {\"source\": {\"defects\": [\"CSCwi64103\", \"CSCwi64077\"], \"advisory\": \"cisco-sa-ipphone-multi-vulns-cXAhCvS\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IP Phones with Multiplatform Firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.3.1 MSR2-6\"}, {\"status\": \"affected\", \"version\": \"11.3.1 MSR3-3\"}, {\"status\": \"affected\", \"version\": \"11.3.2\"}, {\"status\": \"affected\", \"version\": \"11.3.3\"}, {\"status\": \"affected\", \"version\": \"11.3.1 MSR4-1\"}, {\"status\": \"affected\", \"version\": \"11.3.4\"}, {\"status\": \"affected\", \"version\": \"11.3.5\"}, {\"status\": \"affected\", \"version\": \"11.3.3 MSR2\"}, {\"status\": \"affected\", \"version\": \"11.3.3 MSR1\"}, {\"status\": \"affected\", \"version\": \"11.3.6\"}, {\"status\": \"affected\", \"version\": \"11-3-1MPPSR4UPG\"}, {\"status\": \"affected\", \"version\": \"11.3.7\"}, {\"status\": \"affected\", \"version\": \"11-3-1MSR2UPG\"}, {\"status\": \"affected\", \"version\": \"11.3.6SR1\"}, {\"status\": \"affected\", \"version\": \"11.3.7SR1\"}, {\"status\": \"affected\", \"version\": \"11.3.7SR2\"}, {\"status\": \"affected\", \"version\": \"11.0.0\"}, {\"status\": \"affected\", \"version\": \"11.0.1\"}, {\"status\": \"affected\", \"version\": \"11.0.1 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.0.2\"}, {\"status\": \"affected\", \"version\": \"11.1.1\"}, {\"status\": \"affected\", \"version\": \"11.1.1 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.1.1 MSR2-1\"}, {\"status\": \"affected\", \"version\": \"11.1.2\"}, {\"status\": \"affected\", \"version\": \"11.1.2 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.1.2 MSR3-1\"}, {\"status\": \"affected\", \"version\": \"11.2.1\"}, {\"status\": \"affected\", \"version\": \"11.2.2\"}, {\"status\": \"affected\", \"version\": \"11.2.3\"}, {\"status\": \"affected\", \"version\": \"11.2.3 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.2.4\"}, {\"status\": \"affected\", \"version\": \"11.3.1\"}, {\"status\": \"affected\", \"version\": \"11.3.1 MSR1-3\"}, {\"status\": \"affected\", \"version\": \"4.5\"}, {\"status\": \"affected\", \"version\": \"4.6 MSR1\"}, {\"status\": \"affected\", \"version\": \"4.7.1\"}, {\"status\": \"affected\", \"version\": \"4.8.1\"}, {\"status\": \"affected\", \"version\": \"4.8.1 SR1\"}, {\"status\": \"affected\", \"version\": \"5.0.1\"}, {\"status\": \"affected\", \"version\": \"12.0.1\"}, {\"status\": \"affected\", \"version\": \"12.0.2\"}, {\"status\": \"affected\", \"version\": \"12.0.3\"}, {\"status\": \"affected\", \"version\": \"12.0.3SR1\"}, {\"status\": \"affected\", \"version\": \"12.0.4\"}, {\"status\": \"affected\", \"version\": \"5.1.1\"}, {\"status\": \"affected\", \"version\": \"5.1.2\"}, {\"status\": \"affected\", \"version\": \"5.1(2)SR1\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco PhoneOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.1\"}, {\"status\": \"affected\", \"version\": \"2.1.1\"}, {\"status\": \"affected\", \"version\": \"2.0.1\"}, {\"status\": \"affected\", \"version\": \"2.3.1\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS\", \"name\": \"cisco-sa-ipphone-multi-vulns-cXAhCvS\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.  \\r\\n\\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-787\", \"description\": \"Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-05-01T16:43:15.553Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-20376\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T21:59:42.187Z\", \"dateReserved\": \"2023-11-08T15:08:07.655Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-05-01T16:43:15.553Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CNVD-2024-41620

Vulnerability from cnvd - Published: 2024-10-23

Title

Cisco IP Phone拒绝服务漏洞（CNVD-2024-41620）

Description

Cisco IP Phone是美国思科（Cisco）公司的一个硬件设备，提供通话功能的IP电话。 Cisco IP Phone存在拒绝服务漏洞，该漏洞源于对用户提供的输入验证不足，未经身份验证的远程攻击者可利用该漏洞导致受影响的设备重新加载，从而使设备无法正常运行。

Severity

高

Patch Name

Cisco IP Phone拒绝服务漏洞（CNVD-2024-41620）的补丁

Patch Description

Cisco IP Phone是美国思科（Cisco）公司的一个硬件设备，提供通话功能的IP电话。 Cisco IP Phone存在拒绝服务漏洞，该漏洞源于对用户提供的输入验证不足，未经身份验证的远程攻击者可利用该漏洞导致受影响的设备重新加载，从而使设备无法正常运行。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS

Reference

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20376

Impacted products

Name
Cisco IP Phone

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-20376",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-20376"
    }
  },
  "description": "Cisco IP Phone\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u786c\u4ef6\u8bbe\u5907\uff0c\u63d0\u4f9b\u901a\u8bdd\u529f\u80fd\u7684IP\u7535\u8bdd\u3002\n\nCisco IP Phone\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u91cd\u65b0\u52a0\u8f7d\uff0c\u4ece\u800c\u4f7f\u8bbe\u5907\u65e0\u6cd5\u6b63\u5e38\u8fd0\u884c\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-41620",
  "openTime": "2024-10-23",
  "patchDescription": "Cisco IP Phone\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u786c\u4ef6\u8bbe\u5907\uff0c\u63d0\u4f9b\u901a\u8bdd\u529f\u80fd\u7684IP\u7535\u8bdd\u3002\r\n\r\nCisco IP Phone\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u9a8c\u8bc1\u4e0d\u8db3\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u91cd\u65b0\u52a0\u8f7d\uff0c\u4ece\u800c\u4f7f\u8bbe\u5907\u65e0\u6cd5\u6b63\u5e38\u8fd0\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco IP Phone\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2024-41620\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco IP Phone"
  },
  "referenceLink": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20376",
  "serverity": "\u9ad8",
  "submitTime": "2024-06-28",
  "title": "Cisco IP Phone\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2024-41620\uff09"
}

CVE-2024-20376

Vulnerability from fstec - Published: 01.05.2024

Title

Уязвимость веб-интерфейса управления микропрограммного обеспечения IP-телефонов Cisco IP Phone 6800, Cisco IP Phone 7800, Cisco IP Phone 8800 и Cisco IP Phone 8875, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость веб-интерфейса управления микропрограммного обеспечения IP-телефонов Cisco IP Phone 6800, Cisco IP Phone 7800, Cisco IP Phone 8800 и Cisco IP Phone 8875 связана с выходом операци за границы буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании путём отправки специально сформированного запроса

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vendor

Cisco Systems Inc.

Software Name

Cisco IP Phone 6800, Cisco IP Phone 7800, Cisco IP Phone 8800, Video Phone 8875

Software Version

до 12.0.4SR1 (Cisco IP Phone 6800), до 12.0.4SR1 (Cisco IP Phone 7800), до 12.0.4SR1 (Cisco IP Phone 8800), до 2.3.1.0101 (Video Phone 8875)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - использование средств межсетевого экранирования для ограничения возможности удалённого доступа; - использование виртуальных частных сетей для организации удаленного доступа (VPN). Использование рекомендаций производителя: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS

Reference

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 12.0.4SR1 (Cisco IP Phone 6800), \u0434\u043e 12.0.4SR1 (Cisco IP Phone 7800), \u0434\u043e 12.0.4SR1 (Cisco IP Phone 8800), \u0434\u043e 2.3.1.0101 (Video Phone 8875)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u0447\u0430\u0441\u0442\u043d\u044b\u0445 \u0441\u0435\u0442\u0435\u0439 \u0434\u043b\u044f \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (VPN).\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "01.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.05.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-03451",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-20376",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco IP Phone 6800, Cisco IP Phone 7800, Cisco IP Phone 8800, Video Phone 8875",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f IP-\u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043e\u0432 Cisco IP Phone 6800, Cisco IP Phone 7800, Cisco IP Phone 8800 \u0438 Cisco IP Phone 8875, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f IP-\u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043e\u0432 Cisco IP Phone 6800, Cisco IP Phone 7800, Cisco IP Phone 8800 \u0438 Cisco IP Phone 8875 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u044b\u0445\u043e\u0434\u043e\u043c \u043e\u043f\u0435\u0440\u0430\u0446\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u043f\u0443\u0442\u0451\u043c \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0437\u0430\u043f\u0440\u043e\u0441\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}

FKIE_CVE-2024-20376

Vulnerability from fkie_nvd - Published: 2024-05-01 17:15 - Updated: 2026-01-05 14:57

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

	URL	Tags
	psirt@cisco.com	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS	Vendor Advisory

Impacted products

Vendor	Product	Version
cisco	video_phone_8875_firmware	*
cisco	video_phone_8875	-
cisco	ip_phone_6821_with_multiplatform_firmware	*
cisco	ip_phone_6821	-
cisco	ip_phone_6841_with_multiplatform_firmware	*
cisco	ip_phone_6841	-
cisco	ip_phone_6851_with_multiplatform_firmware	*
cisco	ip_phone_6851	-
cisco	ip_phone_6861_with_multiplatform_firmware	*
cisco	ip_phone_6861	-
cisco	ip_phone_6871_with_multiplatform_firmware	*
cisco	ip_phone_6871	-
cisco	ip_phone_7811_with_multiplatform_firmware	*
cisco	ip_phone_7811	-
cisco	ip_phone_7821_with_multiplatform_firmware	*
cisco	ip_phone_7821	-
cisco	ip_phone_7832_with_multiplatform_firmware	*
cisco	ip_phone_7832	-
cisco	ip_phone_7841_with_multiplatform_firmware	*
cisco	ip_phone_7841	-
cisco	ip_phone_7861_with_multiplatform_firmware	*
cisco	ip_phone_7861	-
cisco	ip_phone_8811_with_multiplatform_firmware	*
cisco	ip_phone_8811	-
cisco	ip_phone_8832_with_multiplatform_firmware	*
cisco	ip_phone_8832	-
cisco	ip_phone_8841_with_multiplatform_firmware	*
cisco	ip_phone_8841	-
cisco	ip_phone_8845_with_multiplatform_firmware	*
cisco	ip_phone_8845	-
cisco	ip_phone_8851_with_multiplatform_firmware	*
cisco	ip_phone_8851	-
cisco	ip_phone_8861_with_multiplatform_firmware	*
cisco	ip_phone_8861	-
cisco	ip_phone_8865_with_multiplatform_firmware	*
cisco	ip_phone_8865	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6305C250-2F7B-4AA4-B33A-9791F8ED4645",
              "versionEndExcluding": "2.3.1.0101",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC9019DD-6941-42F3-8B66-1F3CDDDA86E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46491D2F-B16E-4994-B9F0-1AF29A5AAFD0",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEFD67F1-8FB1-4F27-8B97-59DF78DE41A1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09BAE967-5E57-4A8B-B581-0325C9CA7EC6",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE4960B1-22B4-4B3D-955E-684DA520A1A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0CE82B8-ADEF-41B2-813D-3A3CD33E56C6",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5809CA01-CF32-4E3A-A771-01D5065F0061",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BDB0A67-0DC4-47A5-BB48-2C763C5AE162",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C05A7CA6-AD58-45D7-AF32-129E22855D8E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBEAA597-5675-4B3D-BC2B-F0527B5668C1",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "864B486C-71F6-4EFD-8F04-BA7FC18DFD5B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E237174-1667-4EDD-A3CF-4183319BF4FC",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E780BB38-2430-4B93-A89A-DB0FE280A84D",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7832_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "09CCC3C7-779D-4969-B28E-76E4D49E84D9",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32D8B3FD-3157-49D3-A4BA-D4FAAB1B6D4C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "772FCFFF-87F0-4D45-80E7-8CEBB648F41D",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7202509-F176-4882-96E6-1F8E9F2AB99A",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "308A0211-846B-4E00-9063-1E4820CE0163",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8832_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30BD59AC-C3E8-4DC1-88B9-86616001897C",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8832:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5EA5C6B-243B-419A-9C60-1CDBD039C1D8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "94B479FF-B77E-47D8-B00B-19AB3BEF451E",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4BFB4E2-4C19-4787-A7EF-23749E34712A",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAF6B373-8439-4B5D-94F9-DE776FB6CE77",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90B0B215-E2BA-466E-AAEF-52A413C758F0",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7505654-64D2-40EB-BE53-F7705899D73F",
              "versionEndIncluding": "12.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.  \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del firmware del tel\u00e9fono IP de Cisco podr\u00eda permitir que un atacante remoto no autenticado provoque la recarga de un dispositivo afectado, lo que resultar\u00eda en una condici\u00f3n DoS. Esta vulnerabilidad se debe a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando una solicitud manipulada a la interfaz de administraci\u00f3n basada en web de un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el dispositivo afectado se recargue."
    }
  ],
  "id": "CVE-2024-20376",
  "lastModified": "2026-01-05T14:57:58.600",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2024-05-01T17:15:28.407",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    }
  ]
}

GHSA-FVX9-Q8PV-WXV9

Vulnerability from github – Published: 2024-05-01 18:30 – Updated: 2024-05-01 18:30

Details

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-20376"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-01T17:15:28Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.  \n\n This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.",
  "id": "GHSA-fvx9-q8pv-wxv9",
  "modified": "2024-05-01T18:30:41Z",
  "published": "2024-05-01T18:30:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-20376"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2024-20376

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-20376

Aliases

CVE-2024-20376

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2024-20376",
    "id": "GSD-2024-20376"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-20376"
      ],
      "id": "GSD-2024-20376",
      "modified": "2023-12-13T01:21:43.175040Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-20376",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

CERTFR-2024-AVI-0357

Vulnerability from certfr_avis - Published: 2024-05-02 - Updated: 2024-05-02

De multiples vulnérabilités ont été découvertes dans Cisco IP Phone. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	IP Phone	IP Phone 6800 Series avec un microgiciel Multiplatform
Cisco	IP Phone	IP Phone 8800 Series avec un microgiciel Multiplatform
Cisco	IP Phone	Video Phone 8875 en mode Multiplatform
Cisco	IP Phone	IP Phone 7800 Series avec un microgiciel Multiplatform

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-20376 (GCVE-0-2024-20376)

CNVD-2024-41620

CVE-2024-20376

FKIE_CVE-2024-20376

GHSA-FVX9-Q8PV-WXV9

GSD-2024-20376

CERTFR-2024-AVI-0357

Solution

Tags

Sightings

Nomenclature