4.8
CVE-2024-20534
- EPSS 0.13%
- Veröffentlicht 06.11.2024 17:15:18
- Zuletzt bearbeitet 05.01.2026 14:51:35
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users. This vulnerability exists because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Note: To exploit this vulnerability, Web Access must be enabled on the phone and the attacker must have Admin credentials on the device. Web Access is disabled by default.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Desk Phone 9841 With Multiplatform Firmware Version3.1(1) Update-
Cisco ≫ Desk Phone 9841 With Multiplatform Firmware Version3.1(1) Updatesr1
Cisco ≫ Desk Phone 9851 With Multiplatform Firmware Version3.1(1) Update-
Cisco ≫ Desk Phone 9851 With Multiplatform Firmware Version3.1(1) Updatesr1
Cisco ≫ Desk Phone 9861 With Multiplatform Firmware Version3.1(1) Update-
Cisco ≫ Desk Phone 9861 With Multiplatform Firmware Version3.1(1) Updatesr1
Cisco ≫ Desk Phone 9871 With Multiplatform Firmware Version3.1(1) Update-
Cisco ≫ Desk Phone 9871 With Multiplatform Firmware Version3.1(1) Updatesr1
Cisco ≫ Ip Phone 6821 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 6841 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 6851 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 6861 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 6871 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 7811 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 7821 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 7832 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 7841 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 7861 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 8811 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 8832 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 8841 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 8845 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 8851 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 8861 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Ip Phone 8865 With Multiplatform Firmware Version12.0(5) Updatesr1
Cisco ≫ Video Phone 8875 With Multiplatform Firmware Update- Version < 2.3\(1\)
Cisco ≫ Video Phone 8875 With Multiplatform Firmware Version2.3(1) Update-
Cisco ≫ Video Phone 8875 With Multiplatform Firmware Version2.3(1) Updatesr1
Cisco ≫ Ip Phone 8831 With Multiplatform Firmware Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.329 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| psirt@cisco.com | 4.8 | 1.7 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.