5.3
CVE-2024-20445
- EPSS 0.12%
- Veröffentlicht 06.11.2024 17:15:14
- Zuletzt bearbeitet 06.11.2024 18:17:17
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records. Note: Web Access is disabled by default.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellercisco
≫
Produkt
sip_ip_phone_software
Default Statusunknown
Version
12.1(1)SR1
Status
affected
Version
11.5(1)
Status
affected
Version
10.3(2)
Status
affected
Version
10.2(2)
Status
affected
Version
10.3(1)
Status
affected
Version
10.3(1)SR4
Status
affected
Version
11.0(1)
Status
affected
Version
10.4(1)SR2_3rd_Party
Status
affected
Version
11.7(1)
Status
affected
Version
12.1(1)
Status
affected
Version
11.0(0.7)_MPP
Status
affected
Version
9.3(4)_3rd_Party
Status
affected
Version
12.5(1)SR2
Status
affected
Version
10.2(1)SR1
Status
affected
Version
9.3(4)SR3_3rd_Party
Status
affected
Version
10.2(1)
Status
affected
Version
12.5(1)
Status
affected
Version
10.3(1)SR2
Status
affected
Version
11-0-1MSR1-1
Status
affected
Version
10.4(1)_3rd_Party
Status
affected
Version
12.5(1)SR1
Status
affected
Version
11.5(1)SR1
Status
affected
Version
10.1(1)SR2
Status
affected
Version
12.0(1)SR2
Status
affected
Version
12.6(1)
Status
affected
Version
10.3(1.11)_3rd_Party
Status
affected
Version
12.0(1)
Status
affected
Version
12.0(1)SR1
Status
affected
Version
9.3(3)
Status
affected
Version
12.5(1)SR3
Status
affected
Version
10.3(1)SR4b
Status
affected
Version
9.3(4)SR1_3rd_Party
Status
affected
Version
10.3(1)SR5
Status
affected
Version
10.1(1.9)
Status
affected
Version
10.3(1.9)_3rd_Party
Status
affected
Version
9.3(4)SR2_3rd_Party
Status
affected
Version
10.3(1)SR1
Status
affected
Version
10.3(1)SR3
Status
affected
Version
10.1(1)SR1
Status
affected
Version
12.0(1)SR3
Status
affected
Version
12.6(1)SR1
Status
affected
Version
12.7(1)
Status
affected
Version
10.3(1)SR6
Status
affected
Version
12.8(1)
Status
affected
Version
12.7(1)SR1
Status
affected
Version
12.8(1)SR1
Status
affected
Version
12.8(1)SR2
Status
affected
Version
14.0(1)
Status
affected
Version
14.0(1)SR1
Status
affected
Version
10.3(1)SR7
Status
affected
Version
14.0(1)SR2
Status
affected
Version
14.1(1)
Status
affected
Version
14.0(1)SR3
Status
affected
Version
14.1(1)SR1
Status
affected
Version
14.1(1)SR2
Status
affected
Version
14.2(1)
Status
affected
Version
14.2(1)SR1
Status
affected
Version
14.1(1)SR3
Status
affected
Version
14.2(1)SR2
Status
affected
Version
3.1(1)
Status
affected
Version
3.0(1)
Status
affected
Version
14.2(1)SR3
Status
affected
Version
3.1(1)SR1
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.32 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.