Cisco IP Phone Firmware Vulnerability Could Lead to DoS Condition
CVE-2024-20376

7.5HIGH

Key Information:

Vendor: Cisco
Status: Cisco Ip Phones With Multiplatform Firmware; Cisco Phoneos
Vendor: CVE Published:; 1 May 2024

Summary

A vulnerability has been identified in the web-based management interface of Cisco IP Phone firmware that exposes devices to potential denial of service attacks. Due to inadequate validation of user-supplied input, an unauthenticated remote attacker may craft a malicious request targeting the interface of the affected devices. If successfully executed, the attack could lead to the affected device reloading, consequently disrupting service and impacting availability. The issue underscores the necessity for robust input validation mechanisms within management interfaces to prevent unauthorized disruptions.

Affected Version(s)

Cisco IP Phones with Multiplatform Firmware 11.3.1 MSR2-6

Cisco IP Phones with Multiplatform Firmware 11.3.1 MSR3-3

Cisco IP Phones with Multiplatform Firmware 11.3.2

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 1, 2024
Vulnerability Reserved
Nov 8, 2023