CVE-2024-20378
high-risk
Published 2024-05-01
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.
Do I need to act?
-
0.80% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (20)
Ip Phone 6821 With Multiplatform Firmware
Ip Phone 6821 With Multiplatform Firmware
Ip Phone 6841 With Multiplatform Firmware
Ip Phone 6841 With Multiplatform Firmware
Ip Phone 6851 With Multiplatform Firmware
Ip Phone 6851 With Multiplatform Firmware
Ip Phone 6861 With Multiplatform Firmware
Ip Phone 6861 With Multiplatform Firmware
Ip Phone 6871 With Multiplatform Firmware
Ip Phone 6871 With Multiplatform Firmware
Ip Phone 7811 With Multiplatform Firmware
Ip Phone 7811 With Multiplatform Firmware
Ip Phone 7821 With Multiplatform Firmware
Ip Phone 7821 With Multiplatform Firmware
Ip Phone 7841 With Multiplatform Firmware
Ip Phone 7841 With Multiplatform Firmware
Ip Phone 7861 With Multiplatform Firmware
Ip Phone 7861 With Multiplatform Firmware
Ip Phone 8811 With Multiplatform Firmware
Ip Phone 8811 With Multiplatform Firmware
Affected Vendors
References (2)
51
/ 100
high-risk
Severity
26/34 · High
Exploitability
3/34 · Minimal
Exposure
22/34 · High