CVE-2024-20376

EPSS 0.35%
Veröffentlicht 01.05.2024 17:15:28
Zuletzt bearbeitet 21.11.2024 08:52:29
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.  

 This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellercisco

≫

Produkt ip_phone_6871_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6821_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6851_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_7821_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6861_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6825_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6841_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_7811_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_7841_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_7861_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_8800_series_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt video_phone_8875_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.35%	0.565

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS

https://nvd.nist.gov/vuln/detail/CVE-2024-20376

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20376

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20376

EUVD