CVE-2024-20534: Cross-site Scripting in Cisco Video Phone 8875 With Multiplatform Firmware

Severity
4.8 MEDIUM (NVD)
EPSS
0.2%
top 61.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 6

Description

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users. This vulnerability exists because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the in

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Exploitability: 1.7 | Impact: 2.7

🔴 Vulnerability Details

2
CVEList
Cisco IP Phone 6800, 7800, 8800, and 9800 Series with Multiplatform Firmware Stored Cross-Site Scripting Vulnerability (2024-11-06)
GHSA
GHSA-47cf-pjqq-7626: A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multi (2024-11-06)

📋 Vendor Advisories

1
Cisco
Cisco 6800, 7800, 8800, and 9800 Series Phones with Multiplatform Firmware Stored Cross-Site Scripting Vulnerabilities (2024-11-06)