CVE-2024-20376
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.1 MSR2-6 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.1 MSR3-3 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.2 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.3 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.1 MSR4-1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.4 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.5 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.3 MSR2 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.3 MSR1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.6 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11-3-1MPPSR4UPG | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.7 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11-3-1MSR2UPG | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.6SR1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.7SR1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.7SR2 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.0.0 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.0.1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.0.1 MSR1-1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.0.2 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.1.1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.1.1 MSR1-1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.1.1 MSR2-1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.1.2 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.1.2 MSR1-1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.1.2 MSR3-1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.2.1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.2.2 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.2.3 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.2.3 MSR1-1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.2.4 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 11.3.1 MSR1-3 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 4.5 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 4.6 MSR1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 4.7.1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 4.8.1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 4.8.1 SR1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 5.0.1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 12.0.1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 12.0.2 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 12.0.3 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 12.0.3SR1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 12.0.4 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 5.1.1 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 5.1.2 | affected |
| Cisco | Cisco IP Phones with Multiplatform Firmware | 5.1(2)SR1 | affected |
| Cisco | Cisco PhoneOS | 1.0.1 | affected |
| Cisco | Cisco PhoneOS | 2.1.1 | affected |
| Cisco | Cisco PhoneOS | 2.0.1 | affected |
| Cisco | Cisco PhoneOS | 2.3.1 | affected |
Weaknesses
- CWE-787: Out-of-bounds Write
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.