CVE-2024-20357

Source: NVD (NIST)
Published: May 1, 2024
Modified: Jan 5, 2026

CVSS base score: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.2 / Impact: 3.6
Source: psirt@cisco.com (Secondary)

Description

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.

Affected (18)

Each configuration: 1 vulnerable · 1 platform

Configuration   Vulnerable software, affected versions   Running on/with (platform)   Platform versions
A               Up to 12.0.4                             Cisco IP Phone 6871          All versions
B               Up to 12.0.4                             Cisco IP Phone 7811          All versions
C               Up to 12.0.4                             Cisco IP Phone 7821          All versions
D               Up to 12.0.4                             Cisco IP Phone 7832          All versions
E               Up to 12.0.4                             Cisco IP Phone 7841          All versions
F               Up to 12.0.4                             Cisco IP Phone 7861          All versions
G               Up to 12.0.4                             Cisco IP Phone 8811          All versions
H               Up to 12.0.4                             Cisco IP Phone 8832          All versions
I               Up to 12.0.4                             Cisco IP Phone 8841          All versions
J               Up to 12.0.4                             Cisco IP Phone 8845          All versions
K               Up to 12.0.4                             Cisco IP Phone 8851          All versions
L               Up to 12.0.4                             Cisco IP Phone 8861          All versions
M               Up to 12.0.4                             Cisco IP Phone 8865          All versions
N               Before 2.3.1.0101                        Cisco Video Phone 8875       All versions
O               Up to 12.0.4                             Cisco IP Phone 6821          All versions
P               Up to 12.0.4                             Cisco IP Phone 6841          All versions
Q               Up to 12.0.4                             Cisco IP Phone 6851          All versions
R               Up to 12.0.4                             Cisco IP Phone 6861          All versions

Timeline

No history available yet.