CVE-2024-20376

moderate-risk
Published 2024-05-01

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

Do I need to act?

-
0.61% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (18)

Ip Phone 8841 With Multiplatform Firmware
Ip Phone 8845 With Multiplatform Firmware
Ip Phone 8851 With Multiplatform Firmware
Ip Phone 8861 With Multiplatform Firmware
Ip Phone 8865 With Multiplatform Firmware
Video Phone 8875 Firmware
Ip Phone 6821 With Multiplatform Firmware
Ip Phone 6841 With Multiplatform Firmware
Ip Phone 6851 With Multiplatform Firmware
Ip Phone 6861 With Multiplatform Firmware
Ip Phone 6871 With Multiplatform Firmware
Ip Phone 7811 With Multiplatform Firmware
Ip Phone 7821 With Multiplatform Firmware
Ip Phone 7832 With Multiplatform Firmware
Ip Phone 7841 With Multiplatform Firmware
Ip Phone 7861 With Multiplatform Firmware
Ip Phone 8811 With Multiplatform Firmware
Ip Phone 8832 With Multiplatform Firmware

Affected Vendors

Cisco

References (2)

Vendor Advisory https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
Vendor Advisory https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ci...
47
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 2/34 · Minimal
Exposure 19/34 · Moderate