CVE-2024-20378

EPSS 0.43%
Veröffentlicht 01.05.2024 17:15:28
Zuletzt bearbeitet 21.11.2024 08:52:30
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.  

 This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellercisco

≫

Produkt ip_phone_6871_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6821_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6851_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_7821_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6861_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6825_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_6841_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_7811_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_7841_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_7861_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt ip_phone_8800_series_with_multiplatform_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Herstellercisco

≫

Produkt video_phone_8875_firmware

Default Statusunknown

Version <= 12.0.4

Version 0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.43%	0.62

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@cisco.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-305 Authentication Bypass by Primary Weakness

The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS

https://nvd.nist.gov/vuln/detail/CVE-2024-20378

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-20378

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-20378

EUVD