CVE-2024-20357
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device.
This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.
CNA Affected
[
{
"vendor": "Cisco",
"product": "Cisco IP Phones with Multiplatform Firmware",
"versions": [
{
"version": "11.3.1 MSR2-6",
"status": "affected"
},
{
"version": "11.3.1 MSR3-3",
"status": "affected"
},
{
"version": "11.3.2",
"status": "affected"
},
{
"version": "11.3.3",
"status": "affected"
},
{
"version": "11.3.1 MSR4-1",
"status": "affected"
},
{
"version": "11.3.4",
"status": "affected"
},
{
"version": "11.3.5",
"status": "affected"
},
{
"version": "11.3.3 MSR2",
"status": "affected"
},
{
"version": "11.3.3 MSR1",
"status": "affected"
},
{
"version": "11.3.6",
"status": "affected"
},
{
"version": "11-3-1MPPSR4UPG",
"status": "affected"
},
{
"version": "11.3.7",
"status": "affected"
},
{
"version": "11-3-1MSR2UPG",
"status": "affected"
},
{
"version": "11.3.6SR1",
"status": "affected"
},
{
"version": "11.3.7SR1",
"status": "affected"
},
{
"version": "11.3.7SR2",
"status": "affected"
},
{
"version": "11.0.0",
"status": "affected"
},
{
"version": "11.0.1",
"status": "affected"
},
{
"version": "11.0.1 MSR1-1",
"status": "affected"
},
{
"version": "11.0.2",
"status": "affected"
},
{
"version": "11.1.1",
"status": "affected"
},
{
"version": "11.1.1 MSR1-1",
"status": "affected"
},
{
"version": "11.1.1 MSR2-1",
"status": "affected"
},
{
"version": "11.1.2",
"status": "affected"
},
{
"version": "11.1.2 MSR1-1",
"status": "affected"
},
{
"version": "11.1.2 MSR3-1",
"status": "affected"
},
{
"version": "11.2.1",
"status": "affected"
},
{
"version": "11.2.2",
"status": "affected"
},
{
"version": "11.2.3",
"status": "affected"
},
{
"version": "11.2.3 MSR1-1",
"status": "affected"
},
{
"version": "11.2.4",
"status": "affected"
},
{
"version": "11.3.1",
"status": "affected"
},
{
"version": "11.3.1 MSR1-3",
"status": "affected"
},
{
"version": "4.5",
"status": "affected"
},
{
"version": "4.6 MSR1",
"status": "affected"
},
{
"version": "4.7.1",
"status": "affected"
},
{
"version": "4.8.1",
"status": "affected"
},
{
"version": "4.8.1 SR1",
"status": "affected"
},
{
"version": "5.0.1",
"status": "affected"
},
{
"version": "12.0.1",
"status": "affected"
},
{
"version": "12.0.2",
"status": "affected"
},
{
"version": "12.0.3",
"status": "affected"
},
{
"version": "12.0.3SR1",
"status": "affected"
},
{
"version": "12.0.4",
"status": "affected"
},
{
"version": "5.1.1",
"status": "affected"
},
{
"version": "5.1.2",
"status": "affected"
},
{
"version": "5.1(2)SR1",
"status": "affected"
}
]
},
{
"vendor": "Cisco",
"product": "Cisco PhoneOS",
"versions": [
{
"version": "1.0.1",
"status": "affected"
},
{
"version": "2.1.1",
"status": "affected"
},
{
"version": "2.0.1",
"status": "affected"
},
{
"version": "2.3.1",
"status": "affected"
}
]
}
]Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
7 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%