CVE-2024-20376

EUVD-2024-18091
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.  

 This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
ciscovideo_phone_8875_firmware
𝑥
< 2.3.1.0101
ciscoip_phone_6821_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_6841_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_6851_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_6861_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_6871_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_7811_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_7821_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_7832_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_7841_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_7861_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_8811_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_8832_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_8841_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_8845_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_8851_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_8861_with_multiplatform_firmware
𝑥
≤ 12.0.4
ciscoip_phone_8865_with_multiplatform_firmware
𝑥
≤ 12.0.4
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
ciscoip_phone_6871_with_multiplatform_firmware
𝑥
≤ 12.0.4
ADP
ciscoip_phone_6821_with_multiplatform_firmware
𝑥
≤ 12.0.4
ADP
ciscoip_phone_6851_with_multiplatform_firmware
𝑥
≤ 12.0.4
ADP
ciscoip_phone_7821_with_multiplatform_firmware
𝑥
≤ 12.0.4
ADP
ciscoip_phone_6861_with_multiplatform_firmware
𝑥
≤ 12.0.4
ADP
ciscoip_phone_6825_with_multiplatform_firmware
𝑥
≤ 12.0.4
ADP
ciscoip_phone_6841_with_multiplatform_firmware
𝑥
≤ 12.0.4
ADP
ciscoip_phone_7811_with_multiplatform_firmware
𝑥
≤ 12.0.4
ADP
ciscoip_phone_7841_with_multiplatform_firmware
𝑥
≤ 12.0.4
ADP
ciscoip_phone_7861_with_multiplatform_firmware
𝑥
≤ 12.0.4
ADP
ciscoip_phone_8800_series_with_multiplatform_firmware
𝑥
≤ 12.0.4
ADP
ciscovideo_phone_8875_firmware
𝑥
≤ 12.0.4
ADP
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS