CVE-2024-20376

Published: May 1, 2024Modified: Jan 5, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: psirt@cisco.com (Secondary)

Description

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

Affected (18)

Cisco

18 products

Video Phone 8875 Firmware

Ip Phone 6821 With Multiplatform Firmware

Ip Phone 6841 With Multiplatform Firmware

Ip Phone 6851 With Multiplatform Firmware

Ip Phone 6861 With Multiplatform Firmware

Ip Phone 6871 With Multiplatform Firmware

Ip Phone 7811 With Multiplatform Firmware

Ip Phone 7821 With Multiplatform Firmware

Ip Phone 7832 With Multiplatform Firmware

Ip Phone 7841 With Multiplatform Firmware

Ip Phone 7861 With Multiplatform Firmware

Ip Phone 8811 With Multiplatform Firmware

Ip Phone 8832 With Multiplatform Firmware

Ip Phone 8841 With Multiplatform Firmware

Ip Phone 8845 With Multiplatform Firmware

Ip Phone 8851 With Multiplatform Firmware

Ip Phone 8861 With Multiplatform Firmware

Ip Phone 8865 With Multiplatform Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Video Phone 8875 Firmware	Before 2.3.1.0101

Running on/with	Platform Versions
Cisco Video Phone 8875	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 6821 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 6821	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 6841 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 6841	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 6851 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 6851	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 6861 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 6861	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 6871 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 6871	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7811 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 7811	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7821 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 7821	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7832 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 7832	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7841 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 7841	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 7861 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 7861	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8811 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 8811	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8832 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 8832	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8841 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 8841	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8845 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 8845	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8851 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 8851	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8861 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 8861	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Ip Phone 8865 With Multiplatform Firmware	Up to 12.0.4

Running on/with	Platform Versions
Cisco Ip Phone 8865	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS

Source: psirt@cisco.com

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.