CVE-2024-20378

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.  

 This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ciscoCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
ciscoip_phone_6821_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_6821_with_multiplatform_firmware
12.0.4
ciscoip_phone_6841_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_6841_with_multiplatform_firmware
12.0.4
ciscoip_phone_6851_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_6851_with_multiplatform_firmware
12.0.4
ciscoip_phone_6861_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_6861_with_multiplatform_firmware
12.0.4
ciscoip_phone_6871_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_6871_with_multiplatform_firmware
12.0.4
ciscoip_phone_7811_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_7811_with_multiplatform_firmware
12.0.4
ciscoip_phone_7821_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_7821_with_multiplatform_firmware
12.0.4
ciscoip_phone_7841_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_7841_with_multiplatform_firmware
12.0.4
ciscoip_phone_7861_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_7861_with_multiplatform_firmware
12.0.4
ciscoip_phone_8811_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_8811_with_multiplatform_firmware
12.0.4
ciscoip_phone_8841_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_8841_with_multiplatform_firmware
12.0.4
ciscoip_phone_8851_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_8851_with_multiplatform_firmware
12.0.4
ciscoip_phone_8851nr_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_8851nr_with_multiplatform_firmware
12.0.4
ciscoip_phone_8861_with_multiplatform_firmware
𝑥
< 12.0.4
ciscoip_phone_8861_with_multiplatform_firmware
12.0.4
ciscovideo_phone_8875_with_multiplatform_firmware
𝑥
< 2.3.1.0101
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS