CVE-2024-20376 — Out-of-bounds Write in Cisco Video Phone 8875 Firmware

CWE-787 — Out-of-bounds Write CWE-305 — Authentication Bypass by Primary Weakness4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.6%

top 30.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Video Phone 8875 Firmware Cisco IP Phone 6821 With Multiplatform Firmware Cisco IP Phone 6841 With Multiplatform Firmware +17 more

Timeline

PublishedMay 1

Description

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages20 packages

▶NVDcisco/video_phone_8875_firmware< 2.3.1.0101

▶NVDcisco/ip_phone_6821_with_multiplatform_firmware12.0.4

▶NVDcisco/ip_phone_6841_with_multiplatform_firmware12.0.4

▶NVDcisco/ip_phone_6851_with_multiplatform_firmware12.0.4

▶NVDcisco/ip_phone_6861_with_multiplatform_firmware12.0.4

🔴Vulnerability Details

GHSA

GHSA-fvx9-q8pv-wxv9: A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected↗2024-05-01

▶

CVEList

CVE-2024-20376: A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected↗2024-05-01

▶

📋Vendor Advisories

Cisco

Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Vulnerabilities↗2024-05-01

▶