CVE-2024-20357

EPSS 0.21%
Veröffentlicht 01.05.2024 17:15:28
Zuletzt bearbeitet 21.11.2024 08:52:27
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device.  

 This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellercisco

≫

Produkt ip_phone_6871_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6821_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6851_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_7821_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6861_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6825_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6841_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_7811_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_7841_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_7861_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_8800_series_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt video_phone_8875_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.428

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS

https://nvd.nist.gov/vuln/detail/CVE-2024-20357

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20357

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20357

EUVD