History: May 01, 2024 - 5:15 p.m.

CVE-2024-20357

2024-05-01 17:15:28
CWE-787
web.nvd.nist.gov
cisco ip phone
firmware
vulnerability
remote attacker
unauthorized phone calls
xml service

CVSS3: 5.9 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score: 7 High (Confidence: Low)

EPSS: 0.0004 Low (Percentile: 9.0%)

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device.

This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco IP Phones with Multiplatform Firmware",
    "versions": [
      {
        "version": "11.3.1 MSR2-6",
        "status": "affected"
      },
      {
        "version": "11.3.1 MSR3-3",
        "status": "affected"
      },
      {
        "version": "11.3.2",
        "status": "affected"
      },
      {
        "version": "11.3.3",
        "status": "affected"
      },
      {
        "version": "11.3.1 MSR4-1",
        "status": "affected"
      },
      {
        "version": "11.3.4",
        "status": "affected"
      },
      {
        "version": "11.3.5",
        "status": "affected"
      },
      {
        "version": "11.3.3 MSR2",
        "status": "affected"
      },
      {
        "version": "11.3.3 MSR1",
        "status": "affected"
      },
      {
        "version": "11.3.6",
        "status": "affected"
      },
      {
        "version": "11-3-1MPPSR4UPG",
        "status": "affected"
      },
      {
        "version": "11.3.7",
        "status": "affected"
      },
      {
        "version": "11-3-1MSR2UPG",
        "status": "affected"
      },
      {
        "version": "11.3.6SR1",
        "status": "affected"
      },
      {
        "version": "11.3.7SR1",
        "status": "affected"
      },
      {
        "version": "11.3.7SR2",
        "status": "affected"
      },
      {
        "version": "11.0.0",
        "status": "affected"
      },
      {
        "version": "11.0.1",
        "status": "affected"
      },
      {
        "version": "11.0.1 MSR1-1",
        "status": "affected"
      },
      {
        "version": "11.0.2",
        "status": "affected"
      },
      {
        "version": "11.1.1",
        "status": "affected"
      },
      {
        "version": "11.1.1 MSR1-1",
        "status": "affected"
      },
      {
        "version": "11.1.1 MSR2-1",
        "status": "affected"
      },
      {
        "version": "11.1.2",
        "status": "affected"
      },
      {
        "version": "11.1.2 MSR1-1",
        "status": "affected"
      },
      {
        "version": "11.1.2 MSR3-1",
        "status": "affected"
      },
      {
        "version": "11.2.1",
        "status": "affected"
      },
      {
        "version": "11.2.2",
        "status": "affected"
      },
      {
        "version": "11.2.3",
        "status": "affected"
      },
      {
        "version": "11.2.3 MSR1-1",
        "status": "affected"
      },
      {
        "version": "11.2.4",
        "status": "affected"
      },
      {
        "version": "11.3.1",
        "status": "affected"
      },
      {
        "version": "11.3.1 MSR1-3",
        "status": "affected"
      },
      {
        "version": "4.5",
        "status": "affected"
      },
      {
        "version": "4.6 MSR1",
        "status": "affected"
      },
      {
        "version": "4.7.1",
        "status": "affected"
      },
      {
        "version": "4.8.1",
        "status": "affected"
      },
      {
        "version": "4.8.1 SR1",
        "status": "affected"
      },
      {
        "version": "5.0.1",
        "status": "affected"
      },
      {
        "version": "12.0.1",
        "status": "affected"
      },
      {
        "version": "12.0.2",
        "status": "affected"
      },
      {
        "version": "12.0.3",
        "status": "affected"
      },
      {
        "version": "12.0.3SR1",
        "status": "affected"
      },
      {
        "version": "12.0.4",
        "status": "affected"
      },
      {
        "version": "5.1.1",
        "status": "affected"
      },
      {
        "version": "5.1.2",
        "status": "affected"
      },
      {
        "version": "5.1(2)SR1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Cisco",
    "product": "Cisco PhoneOS",
    "versions": [
      {
        "version": "1.0.1",
        "status": "affected"
      },
      {
        "version": "2.1.1",
        "status": "affected"
      },
      {
        "version": "2.0.1",
        "status": "affected"
      },
      {
        "version": "2.3.1",
        "status": "affected"
      }
    ]
  }
]
