Lucene search

K
cvelistCiscoCVELIST:CVE-2024-20376
HistoryMay 01, 2024 - 4:43 p.m.

CVE-2024-20376

2024-05-0116:43:15
cisco
www.cve.org
cisco ip phone
firmware
dos
validation
remote attacker

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.0%

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

CNA Affected

[
  {
    "vendor": "Cisco",
    "product": "Cisco IP Phones with Multiplatform Firmware",
    "versions": [
      {
        "version": "11.3.1 MSR2-6",
        "status": "affected"
      },
      {
        "version": "11.3.1 MSR3-3",
        "status": "affected"
      },
      {
        "version": "11.3.2",
        "status": "affected"
      },
      {
        "version": "11.3.3",
        "status": "affected"
      },
      {
        "version": "11.3.1 MSR4-1",
        "status": "affected"
      },
      {
        "version": "11.3.4",
        "status": "affected"
      },
      {
        "version": "11.3.5",
        "status": "affected"
      },
      {
        "version": "11.3.3 MSR2",
        "status": "affected"
      },
      {
        "version": "11.3.3 MSR1",
        "status": "affected"
      },
      {
        "version": "11.3.6",
        "status": "affected"
      },
      {
        "version": "11-3-1MPPSR4UPG",
        "status": "affected"
      },
      {
        "version": "11.3.7",
        "status": "affected"
      },
      {
        "version": "11-3-1MSR2UPG",
        "status": "affected"
      },
      {
        "version": "11.3.6SR1",
        "status": "affected"
      },
      {
        "version": "11.3.7SR1",
        "status": "affected"
      },
      {
        "version": "11.3.7SR2",
        "status": "affected"
      },
      {
        "version": "11.0.0",
        "status": "affected"
      },
      {
        "version": "11.0.1",
        "status": "affected"
      },
      {
        "version": "11.0.1 MSR1-1",
        "status": "affected"
      },
      {
        "version": "11.0.2",
        "status": "affected"
      },
      {
        "version": "11.1.1",
        "status": "affected"
      },
      {
        "version": "11.1.1 MSR1-1",
        "status": "affected"
      },
      {
        "version": "11.1.1 MSR2-1",
        "status": "affected"
      },
      {
        "version": "11.1.2",
        "status": "affected"
      },
      {
        "version": "11.1.2 MSR1-1",
        "status": "affected"
      },
      {
        "version": "11.1.2 MSR3-1",
        "status": "affected"
      },
      {
        "version": "11.2.1",
        "status": "affected"
      },
      {
        "version": "11.2.2",
        "status": "affected"
      },
      {
        "version": "11.2.3",
        "status": "affected"
      },
      {
        "version": "11.2.3 MSR1-1",
        "status": "affected"
      },
      {
        "version": "11.2.4",
        "status": "affected"
      },
      {
        "version": "11.3.1",
        "status": "affected"
      },
      {
        "version": "11.3.1 MSR1-3",
        "status": "affected"
      },
      {
        "version": "4.5",
        "status": "affected"
      },
      {
        "version": "4.6 MSR1",
        "status": "affected"
      },
      {
        "version": "4.7.1",
        "status": "affected"
      },
      {
        "version": "4.8.1",
        "status": "affected"
      },
      {
        "version": "4.8.1 SR1",
        "status": "affected"
      },
      {
        "version": "5.0.1",
        "status": "affected"
      },
      {
        "version": "12.0.1",
        "status": "affected"
      },
      {
        "version": "12.0.2",
        "status": "affected"
      },
      {
        "version": "12.0.3",
        "status": "affected"
      },
      {
        "version": "12.0.3SR1",
        "status": "affected"
      },
      {
        "version": "12.0.4",
        "status": "affected"
      },
      {
        "version": "5.1.1",
        "status": "affected"
      },
      {
        "version": "5.1.2",
        "status": "affected"
      },
      {
        "version": "5.1(2)SR1",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Cisco",
    "product": "Cisco PhoneOS",
    "versions": [
      {
        "version": "1.0.1",
        "status": "affected"
      },
      {
        "version": "2.1.1",
        "status": "affected"
      },
      {
        "version": "2.0.1",
        "status": "affected"
      },
      {
        "version": "2.3.1",
        "status": "affected"
      }
    ]
  }
]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

9.0%

Related for CVELIST:CVE-2024-20376