CVE-2024-20376

Summary

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.

Affected Software

VendorProductVersion RangeStatus
CiscoCisco IP Phones with Multiplatform Firmware11.3.1 MSR2-6affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.1 MSR3-3affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.2affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.3affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.1 MSR4-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.4affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.5affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.3 MSR2affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.3 MSR1affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.6affected
CiscoCisco IP Phones with Multiplatform Firmware11-3-1MPPSR4UPGaffected
CiscoCisco IP Phones with Multiplatform Firmware11.3.7affected
CiscoCisco IP Phones with Multiplatform Firmware11-3-1MSR2UPGaffected
CiscoCisco IP Phones with Multiplatform Firmware11.3.6SR1affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.7SR1affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.7SR2affected
CiscoCisco IP Phones with Multiplatform Firmware11.0.0affected
CiscoCisco IP Phones with Multiplatform Firmware11.0.1affected
CiscoCisco IP Phones with Multiplatform Firmware11.0.1 MSR1-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.0.2affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.1affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.1 MSR1-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.1 MSR2-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.2affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.2 MSR1-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.1.2 MSR3-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.1affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.2affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.3affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.3 MSR1-1affected
CiscoCisco IP Phones with Multiplatform Firmware11.2.4affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.1affected
CiscoCisco IP Phones with Multiplatform Firmware11.3.1 MSR1-3affected
CiscoCisco IP Phones with Multiplatform Firmware4.5affected
CiscoCisco IP Phones with Multiplatform Firmware4.6 MSR1affected
CiscoCisco IP Phones with Multiplatform Firmware4.7.1affected
CiscoCisco IP Phones with Multiplatform Firmware4.8.1affected
CiscoCisco IP Phones with Multiplatform Firmware4.8.1 SR1affected
CiscoCisco IP Phones with Multiplatform Firmware5.0.1affected
CiscoCisco IP Phones with Multiplatform Firmware12.0.1affected
CiscoCisco IP Phones with Multiplatform Firmware12.0.2affected
CiscoCisco IP Phones with Multiplatform Firmware12.0.3affected
CiscoCisco IP Phones with Multiplatform Firmware12.0.3SR1affected
CiscoCisco IP Phones with Multiplatform Firmware12.0.4affected
CiscoCisco IP Phones with Multiplatform Firmware5.1.1affected
CiscoCisco IP Phones with Multiplatform Firmware5.1.2affected
CiscoCisco IP Phones with Multiplatform Firmware5.1(2)SR1affected
CiscoCisco PhoneOS1.0.1affected
CiscoCisco PhoneOS2.1.1affected
CiscoCisco PhoneOS2.0.1affected
CiscoCisco PhoneOS2.3.1affected

Weaknesses

  • CWE-787: Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References