← Back

CVE-2024-20445

nvd nist
Published: Nov 6, 2024Modified: Jan 5, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: psirt@cisco.com (Secondary)

Description

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records. Note: Web Access is disabled by default.

Affected (24)

Cisco
18 products
Desk Phone 9841 Firmware
Desk Phone 9851 Firmware
Desk Phone 9861 Firmware
Desk Phone 9871 Firmware
Ip Conference Phone 7832 Firmware
Ip Conference Phone 8831 Firmware
Ip Conference Phone 8832 Firmware
Ip Phone 7811 Firmware
Ip Phone 7821 Firmware
Ip Phone 7841 Firmware
Ip Phone 7861 Firmware
Ip Phone 8811 Firmware
Ip Phone 8841 Firmware
Ip Phone 8845 Firmware
Ip Phone 8851 Firmware
Ip Phone 8851nr Firmware
Ip Phone 8861 Firmware
Video Phone 8875 Firmware
Configuration A
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Desk Phone 9841 Firmware
Version 3.1(1)
Desk Phone 9841 Firmware
Version 3.1(1) sr1
Running on/withPlatform Versions
Cisco
Desk Phone 9841
All versions
Configuration B
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Desk Phone 9851 Firmware
Version 3.1(1)
Desk Phone 9851 Firmware
Version 3.1(1) sr1
Running on/withPlatform Versions
Cisco
Desk Phone 9851
All versions
Configuration C
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Desk Phone 9861 Firmware
Version 3.1(1)
Desk Phone 9861 Firmware
Version 3.1(1) sr1
Running on/withPlatform Versions
Cisco
Desk Phone 9861
All versions
Configuration D
2 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Desk Phone 9871 Firmware
Version 3.1(1)
Desk Phone 9871 Firmware
Version 3.1(1) sr1
Running on/withPlatform Versions
Cisco
Desk Phone 9871
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Conference Phone 7832 Firmware
Before 14.3\(1\)
Running on/withPlatform Versions
Cisco
Ip Conference Phone 7832
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Conference Phone 8831 Firmware
Before 14.3\(1\)
Running on/withPlatform Versions
Cisco
Ip Conference Phone 8831
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Conference Phone 8832 Firmware
Before 14.3\(1\)
Running on/withPlatform Versions
Cisco
Ip Conference Phone 8832
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 7811 Firmware
Before 14.3\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 7811
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 7821 Firmware
Before 14.3\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 7821
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 7841 Firmware
Before 14.3\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 7841
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 7861 Firmware
Before 14.3\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 7861
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 8811 Firmware
Before 14.3\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 8811
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 8841 Firmware
Before 14.3\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 8841
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 8845 Firmware
Before 14.3\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 8845
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 8851 Firmware
Before 14.3\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 8851
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 8851nr Firmware
Before 14.3\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 8851nr
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ip Phone 8861 Firmware
Before 14.3\(1\)
Running on/withPlatform Versions
Cisco
Ip Phone 8861
All versions
Configuration R
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Cisco
Video Phone 8875 Firmware
Before 2.3\(1\)
Video Phone 8875 Firmware
Version 2.3(1)
Video Phone 8875 Firmware
Version 2.3(1) sr1
Running on/withPlatform Versions
Cisco
Video Phone 8875
All versions

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

Source: psirt@cisco.com
Vendor Advisory

Timeline

No history available yet.