Cisco IP Phone Firmware Vulnerability Could Lead to DoS Condition

CVE-2024-20376

7.5HIGH

Key Information

Vendor: Cisco
Status: Cisco Ip Phones With Multiplatform Firmware; Cisco Phoneos
Vendor: CVE Published:; 1 May 2024

Badges

👾 Exploit Exists

Summary

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

Affected Version(s)

Cisco IP Phones with Multiplatform Firmware = 11.3.1 MSR2-6

Cisco IP Phones with Multiplatform Firmware = 11.3.1 MSR3-3

Cisco IP Phones with Multiplatform Firmware = 11.3.2

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 1, 2024
Vulnerability Reserved.
Nov 8, 2023
👾
Exploit exists.
Jan 1, 1970

Collectors

NVD DatabaseMitre Database