Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for Cisco PhoneOS by Cisco

    CVE-2024-20378 (GCVE-0-2024-20378)

    Vulnerability from nvd – Published: 2024-05-01 16:41 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Affected: 11.3.2
    Affected: 11.3.3
    Affected: 11.3.1 MSR4-1
    Affected: 11.3.4
    Affected: 11.3.5
    Affected: 11.3.3 MSR2
    Affected: 11.3.3 MSR1
    Affected: 11.3.6
    Affected: 11-3-1MPPSR4UPG
    Affected: 11.3.7
    Affected: 11-3-1MSR2UPG
    Affected: 11.3.6SR1
    Affected: 11.3.7SR1
    Affected: 11.3.7SR2
    Affected: 11.0.0
    Affected: 11.0.1
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.1.1
    Affected: 11.1.1 MSR1-1
    Affected: 11.1.1 MSR2-1
    Affected: 11.1.2
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.2 MSR3-1
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.3 MSR1-1
    Affected: 11.2.4
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Affected: 4.5
    Affected: 4.6 MSR1
    Affected: 4.7.1
    Affected: 4.8.1
    Affected: 4.8.1 SR1
    Affected: 5.0.1
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.3SR1
    Affected: 12.0.4
    Affected: 5.1.1
    Affected: 5.1.2
    Affected: 5.1(2)SR1
    Create a notification for this product.
    Cisco Cisco PhoneOS Affected: 1.0.1
    Affected: 2.1.1
    Affected: 2.0.1
    Affected: 2.3.1
    Create a notification for this product.
    cisco ip_phone_6871_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6851_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6825_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7811_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_8800_series_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco video_phone_8875_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6871_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6851_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6825_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7811_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_8800_series_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "video_phone_8875_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20378",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T20:19:03.667220Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T13:47:37.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR4-1"
                },
                {
                  "status": "affected",
                  "version": "11.3.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.5"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.6"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MPPSR4UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.7"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MSR2UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.6SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                },
                {
                  "status": "affected",
                  "version": "4.5"
                },
                {
                  "status": "affected",
                  "version": "4.6 MSR1"
                },
                {
                  "status": "affected",
                  "version": "4.7.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.3SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.2"
                },
                {
                  "status": "affected",
                  "version": "5.1(2)SR1"
                }
              ]
            },
            {
              "product": "Cisco PhoneOS",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.1.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.  \r\n\r This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T16:41:52.385Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
            "defects": [
              "CSCwi64037",
              "CSCwi64050"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20378",
        "datePublished": "2024-05-01T16:41:52.385Z",
        "dateReserved": "2023-11-08T15:08:07.655Z",
        "dateUpdated": "2024-08-01T21:59:42.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20376 (GCVE-0-2024-20376)

    Vulnerability from nvd – Published: 2024-05-01 16:43 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Affected: 11.3.2
    Affected: 11.3.3
    Affected: 11.3.1 MSR4-1
    Affected: 11.3.4
    Affected: 11.3.5
    Affected: 11.3.3 MSR2
    Affected: 11.3.3 MSR1
    Affected: 11.3.6
    Affected: 11-3-1MPPSR4UPG
    Affected: 11.3.7
    Affected: 11-3-1MSR2UPG
    Affected: 11.3.6SR1
    Affected: 11.3.7SR1
    Affected: 11.3.7SR2
    Affected: 11.0.0
    Affected: 11.0.1
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.1.1
    Affected: 11.1.1 MSR1-1
    Affected: 11.1.1 MSR2-1
    Affected: 11.1.2
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.2 MSR3-1
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.3 MSR1-1
    Affected: 11.2.4
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Affected: 4.5
    Affected: 4.6 MSR1
    Affected: 4.7.1
    Affected: 4.8.1
    Affected: 4.8.1 SR1
    Affected: 5.0.1
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.3SR1
    Affected: 12.0.4
    Affected: 5.1.1
    Affected: 5.1.2
    Affected: 5.1(2)SR1
    Create a notification for this product.
    Cisco Cisco PhoneOS Affected: 1.0.1
    Affected: 2.1.1
    Affected: 2.0.1
    Affected: 2.3.1
    Create a notification for this product.
    cisco ip_phone_6871_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6851_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6825_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7811_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_8800_series_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco video_phone_8875_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6871_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6851_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6825_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7811_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_8800_series_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "video_phone_8875_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20376",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T20:50:33.825806Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T13:47:10.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.187Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR4-1"
                },
                {
                  "status": "affected",
                  "version": "11.3.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.5"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.6"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MPPSR4UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.7"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MSR2UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.6SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                },
                {
                  "status": "affected",
                  "version": "4.5"
                },
                {
                  "status": "affected",
                  "version": "4.6 MSR1"
                },
                {
                  "status": "affected",
                  "version": "4.7.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.3SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.2"
                },
                {
                  "status": "affected",
                  "version": "5.1(2)SR1"
                }
              ]
            },
            {
              "product": "Cisco PhoneOS",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.1.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.  \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T16:43:15.553Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
            "defects": [
              "CSCwi64103",
              "CSCwi64077"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20376",
        "datePublished": "2024-05-01T16:43:15.553Z",
        "dateReserved": "2023-11-08T15:08:07.655Z",
        "dateUpdated": "2024-08-01T21:59:42.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20357 (GCVE-0-2024-20357)

    Vulnerability from nvd – Published: 2024-05-01 16:36 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Affected: 11.3.2
    Affected: 11.3.3
    Affected: 11.3.1 MSR4-1
    Affected: 11.3.4
    Affected: 11.3.5
    Affected: 11.3.3 MSR2
    Affected: 11.3.3 MSR1
    Affected: 11.3.6
    Affected: 11-3-1MPPSR4UPG
    Affected: 11.3.7
    Affected: 11-3-1MSR2UPG
    Affected: 11.3.6SR1
    Affected: 11.3.7SR1
    Affected: 11.3.7SR2
    Affected: 11.0.0
    Affected: 11.0.1
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.1.1
    Affected: 11.1.1 MSR1-1
    Affected: 11.1.1 MSR2-1
    Affected: 11.1.2
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.2 MSR3-1
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.3 MSR1-1
    Affected: 11.2.4
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Affected: 4.5
    Affected: 4.6 MSR1
    Affected: 4.7.1
    Affected: 4.8.1
    Affected: 4.8.1 SR1
    Affected: 5.0.1
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.3SR1
    Affected: 12.0.4
    Affected: 5.1.1
    Affected: 5.1.2
    Affected: 5.1(2)SR1
    Create a notification for this product.
    Cisco Cisco PhoneOS Affected: 1.0.1
    Affected: 2.1.1
    Affected: 2.0.1
    Affected: 2.3.1
    Create a notification for this product.
    cisco ip_phone_6871_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6851_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6825_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7811_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_8800_series_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco video_phone_8875_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6871_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6851_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6825_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7811_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_8800_series_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "video_phone_8875_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20357",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T20:55:26.843678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T13:45:13.942Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.103Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR4-1"
                },
                {
                  "status": "affected",
                  "version": "11.3.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.5"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.6"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MPPSR4UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.7"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MSR2UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.6SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                },
                {
                  "status": "affected",
                  "version": "4.5"
                },
                {
                  "status": "affected",
                  "version": "4.6 MSR1"
                },
                {
                  "status": "affected",
                  "version": "4.7.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.3SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.2"
                },
                {
                  "status": "affected",
                  "version": "5.1(2)SR1"
                }
              ]
            },
            {
              "product": "Cisco PhoneOS",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.1.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device.  \r\n\r This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T16:36:53.907Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
            "defects": [
              "CSCwi64082",
              "CSCwi64064"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20357",
        "datePublished": "2024-05-01T16:36:53.907Z",
        "dateReserved": "2023-11-08T15:08:07.649Z",
        "dateUpdated": "2024-08-01T21:59:42.103Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20221 (GCVE-0-2023-20221)

    Vulnerability from nvd – Published: 2023-08-16 21:01 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Affected: 11.3.2
    Affected: 11.3.3
    Affected: 11.3.4
    Affected: 11.3.5
    Affected: 11.3.3 MSR1
    Affected: 11.3.6
    Affected: 11-3-1MPPSR4UPG
    Affected: 11.3.7
    Affected: 11-3-1MSR2UPG
    Affected: 11.3.6SR1
    Affected: 11.3.7SR1
    Affected: 11.3.7SR2
    Affected: 11.0.0
    Affected: 11.0.1
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.1.1
    Affected: 11.1.1 MSR1-1
    Affected: 11.1.1 MSR2-1
    Affected: 11.1.2
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.2 MSR3-1
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.3 MSR1-1
    Affected: 11.2.4
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Create a notification for this product.
    Cisco Cisco PhoneOS Affected: 1.0.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:35.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ipphone-csrf-HOCmXW2c",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.3.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.5"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.6"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MPPSR4UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.7"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MSR2UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.6SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                }
              ]
            },
            {
              "product": "Cisco PhoneOS",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:23.679Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-csrf-HOCmXW2c",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-csrf-HOCmXW2c",
            "defects": [
              "CSCwc78409",
              "CSCwc81103",
              "CSCwc78412"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20221",
        "datePublished": "2023-08-16T21:01:05.872Z",
        "dateReserved": "2022-10-27T18:47:50.368Z",
        "dateUpdated": "2024-08-02T09:05:35.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20376 (GCVE-0-2024-20376)

    Vulnerability from cvelistv5 – Published: 2024-05-01 16:43 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Affected: 11.3.2
    Affected: 11.3.3
    Affected: 11.3.1 MSR4-1
    Affected: 11.3.4
    Affected: 11.3.5
    Affected: 11.3.3 MSR2
    Affected: 11.3.3 MSR1
    Affected: 11.3.6
    Affected: 11-3-1MPPSR4UPG
    Affected: 11.3.7
    Affected: 11-3-1MSR2UPG
    Affected: 11.3.6SR1
    Affected: 11.3.7SR1
    Affected: 11.3.7SR2
    Affected: 11.0.0
    Affected: 11.0.1
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.1.1
    Affected: 11.1.1 MSR1-1
    Affected: 11.1.1 MSR2-1
    Affected: 11.1.2
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.2 MSR3-1
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.3 MSR1-1
    Affected: 11.2.4
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Affected: 4.5
    Affected: 4.6 MSR1
    Affected: 4.7.1
    Affected: 4.8.1
    Affected: 4.8.1 SR1
    Affected: 5.0.1
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.3SR1
    Affected: 12.0.4
    Affected: 5.1.1
    Affected: 5.1.2
    Affected: 5.1(2)SR1
    Create a notification for this product.
    Cisco Cisco PhoneOS Affected: 1.0.1
    Affected: 2.1.1
    Affected: 2.0.1
    Affected: 2.3.1
    Create a notification for this product.
    cisco ip_phone_6871_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6851_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6825_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7811_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_8800_series_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco video_phone_8875_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6871_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6851_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6825_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7811_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_8800_series_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "video_phone_8875_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20376",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T20:50:33.825806Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T13:47:10.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.187Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR4-1"
                },
                {
                  "status": "affected",
                  "version": "11.3.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.5"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.6"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MPPSR4UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.7"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MSR2UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.6SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                },
                {
                  "status": "affected",
                  "version": "4.5"
                },
                {
                  "status": "affected",
                  "version": "4.6 MSR1"
                },
                {
                  "status": "affected",
                  "version": "4.7.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.3SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.2"
                },
                {
                  "status": "affected",
                  "version": "5.1(2)SR1"
                }
              ]
            },
            {
              "product": "Cisco PhoneOS",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.1.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.  \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T16:43:15.553Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
            "defects": [
              "CSCwi64103",
              "CSCwi64077"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20376",
        "datePublished": "2024-05-01T16:43:15.553Z",
        "dateReserved": "2023-11-08T15:08:07.655Z",
        "dateUpdated": "2024-08-01T21:59:42.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20378 (GCVE-0-2024-20378)

    Vulnerability from cvelistv5 – Published: 2024-05-01 16:41 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Affected: 11.3.2
    Affected: 11.3.3
    Affected: 11.3.1 MSR4-1
    Affected: 11.3.4
    Affected: 11.3.5
    Affected: 11.3.3 MSR2
    Affected: 11.3.3 MSR1
    Affected: 11.3.6
    Affected: 11-3-1MPPSR4UPG
    Affected: 11.3.7
    Affected: 11-3-1MSR2UPG
    Affected: 11.3.6SR1
    Affected: 11.3.7SR1
    Affected: 11.3.7SR2
    Affected: 11.0.0
    Affected: 11.0.1
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.1.1
    Affected: 11.1.1 MSR1-1
    Affected: 11.1.1 MSR2-1
    Affected: 11.1.2
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.2 MSR3-1
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.3 MSR1-1
    Affected: 11.2.4
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Affected: 4.5
    Affected: 4.6 MSR1
    Affected: 4.7.1
    Affected: 4.8.1
    Affected: 4.8.1 SR1
    Affected: 5.0.1
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.3SR1
    Affected: 12.0.4
    Affected: 5.1.1
    Affected: 5.1.2
    Affected: 5.1(2)SR1
    Create a notification for this product.
    Cisco Cisco PhoneOS Affected: 1.0.1
    Affected: 2.1.1
    Affected: 2.0.1
    Affected: 2.3.1
    Create a notification for this product.
    cisco ip_phone_6871_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6851_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6825_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7811_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_8800_series_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco video_phone_8875_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6871_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6851_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6825_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7811_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_8800_series_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "video_phone_8875_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20378",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T20:19:03.667220Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T13:47:37.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR4-1"
                },
                {
                  "status": "affected",
                  "version": "11.3.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.5"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.6"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MPPSR4UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.7"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MSR2UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.6SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                },
                {
                  "status": "affected",
                  "version": "4.5"
                },
                {
                  "status": "affected",
                  "version": "4.6 MSR1"
                },
                {
                  "status": "affected",
                  "version": "4.7.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.3SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.2"
                },
                {
                  "status": "affected",
                  "version": "5.1(2)SR1"
                }
              ]
            },
            {
              "product": "Cisco PhoneOS",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.1.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.  \r\n\r This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T16:41:52.385Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
            "defects": [
              "CSCwi64037",
              "CSCwi64050"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20378",
        "datePublished": "2024-05-01T16:41:52.385Z",
        "dateReserved": "2023-11-08T15:08:07.655Z",
        "dateUpdated": "2024-08-01T21:59:42.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20357 (GCVE-0-2024-20357)

    Vulnerability from cvelistv5 – Published: 2024-05-01 16:36 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Affected: 11.3.2
    Affected: 11.3.3
    Affected: 11.3.1 MSR4-1
    Affected: 11.3.4
    Affected: 11.3.5
    Affected: 11.3.3 MSR2
    Affected: 11.3.3 MSR1
    Affected: 11.3.6
    Affected: 11-3-1MPPSR4UPG
    Affected: 11.3.7
    Affected: 11-3-1MSR2UPG
    Affected: 11.3.6SR1
    Affected: 11.3.7SR1
    Affected: 11.3.7SR2
    Affected: 11.0.0
    Affected: 11.0.1
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.1.1
    Affected: 11.1.1 MSR1-1
    Affected: 11.1.1 MSR2-1
    Affected: 11.1.2
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.2 MSR3-1
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.3 MSR1-1
    Affected: 11.2.4
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Affected: 4.5
    Affected: 4.6 MSR1
    Affected: 4.7.1
    Affected: 4.8.1
    Affected: 4.8.1 SR1
    Affected: 5.0.1
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.3SR1
    Affected: 12.0.4
    Affected: 5.1.1
    Affected: 5.1.2
    Affected: 5.1(2)SR1
    Create a notification for this product.
    Cisco Cisco PhoneOS Affected: 1.0.1
    Affected: 2.1.1
    Affected: 2.0.1
    Affected: 2.3.1
    Create a notification for this product.
    cisco ip_phone_6871_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6851_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6825_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7811_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_8800_series_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco video_phone_8875_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6871_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6851_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6825_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7811_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_8800_series_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "video_phone_8875_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20357",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T20:55:26.843678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T13:45:13.942Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.103Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR4-1"
                },
                {
                  "status": "affected",
                  "version": "11.3.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.5"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.6"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MPPSR4UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.7"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MSR2UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.6SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                },
                {
                  "status": "affected",
                  "version": "4.5"
                },
                {
                  "status": "affected",
                  "version": "4.6 MSR1"
                },
                {
                  "status": "affected",
                  "version": "4.7.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.3SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.2"
                },
                {
                  "status": "affected",
                  "version": "5.1(2)SR1"
                }
              ]
            },
            {
              "product": "Cisco PhoneOS",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.1.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device.  \r\n\r This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-787",
                  "description": "Out-of-bounds Write",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T16:36:53.907Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
            "defects": [
              "CSCwi64082",
              "CSCwi64064"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20357",
        "datePublished": "2024-05-01T16:36:53.907Z",
        "dateReserved": "2023-11-08T15:08:07.649Z",
        "dateUpdated": "2024-08-01T21:59:42.103Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-20221 (GCVE-0-2023-20221)

    Vulnerability from cvelistv5 – Published: 2023-08-16 21:01 – Updated: 2024-08-02 09:05
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Affected: 11.3.2
    Affected: 11.3.3
    Affected: 11.3.4
    Affected: 11.3.5
    Affected: 11.3.3 MSR1
    Affected: 11.3.6
    Affected: 11-3-1MPPSR4UPG
    Affected: 11.3.7
    Affected: 11-3-1MSR2UPG
    Affected: 11.3.6SR1
    Affected: 11.3.7SR1
    Affected: 11.3.7SR2
    Affected: 11.0.0
    Affected: 11.0.1
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.1.1
    Affected: 11.1.1 MSR1-1
    Affected: 11.1.1 MSR2-1
    Affected: 11.1.2
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.2 MSR3-1
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.3 MSR1-1
    Affected: 11.2.4
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Create a notification for this product.
    Cisco Cisco PhoneOS Affected: 1.0.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T09:05:35.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ipphone-csrf-HOCmXW2c",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.3.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.5"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.6"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MPPSR4UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.7"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MSR2UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.6SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                }
              ]
            },
            {
              "product": "Cisco PhoneOS",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of the web-based management interface of an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading an authenticated user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform a factory reset of the affected device, resulting in a Denial of Service (DoS) condition."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-25T16:58:23.679Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-csrf-HOCmXW2c",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-csrf-HOCmXW2c"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-csrf-HOCmXW2c",
            "defects": [
              "CSCwc78409",
              "CSCwc81103",
              "CSCwc78412"
            ],
            "discovery": "INTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2023-20221",
        "datePublished": "2023-08-16T21:01:05.872Z",
        "dateReserved": "2022-10-27T18:47:50.368Z",
        "dateUpdated": "2024-08-02T09:05:35.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }