Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for ip_phone_8851nr_with_multiplatform_firmware by cisco

    CVE-2024-20378 (GCVE-0-2024-20378)

    Vulnerability from nvd – Published: 2024-05-01 16:41 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Affected: 11.3.2
    Affected: 11.3.3
    Affected: 11.3.1 MSR4-1
    Affected: 11.3.4
    Affected: 11.3.5
    Affected: 11.3.3 MSR2
    Affected: 11.3.3 MSR1
    Affected: 11.3.6
    Affected: 11-3-1MPPSR4UPG
    Affected: 11.3.7
    Affected: 11-3-1MSR2UPG
    Affected: 11.3.6SR1
    Affected: 11.3.7SR1
    Affected: 11.3.7SR2
    Affected: 11.0.0
    Affected: 11.0.1
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.1.1
    Affected: 11.1.1 MSR1-1
    Affected: 11.1.1 MSR2-1
    Affected: 11.1.2
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.2 MSR3-1
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.3 MSR1-1
    Affected: 11.2.4
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Affected: 4.5
    Affected: 4.6 MSR1
    Affected: 4.7.1
    Affected: 4.8.1
    Affected: 4.8.1 SR1
    Affected: 5.0.1
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.3SR1
    Affected: 12.0.4
    Affected: 5.1.1
    Affected: 5.1.2
    Affected: 5.1(2)SR1
    Create a notification for this product.
    Cisco Cisco PhoneOS Affected: 1.0.1
    Affected: 2.1.1
    Affected: 2.0.1
    Affected: 2.3.1
    Create a notification for this product.
    cisco ip_phone_6871_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6851_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6825_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7811_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_8800_series_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco video_phone_8875_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6871_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6851_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6825_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7811_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_8800_series_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "video_phone_8875_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20378",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T20:19:03.667220Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T13:47:37.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR4-1"
                },
                {
                  "status": "affected",
                  "version": "11.3.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.5"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.6"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MPPSR4UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.7"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MSR2UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.6SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                },
                {
                  "status": "affected",
                  "version": "4.5"
                },
                {
                  "status": "affected",
                  "version": "4.6 MSR1"
                },
                {
                  "status": "affected",
                  "version": "4.7.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.3SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.2"
                },
                {
                  "status": "affected",
                  "version": "5.1(2)SR1"
                }
              ]
            },
            {
              "product": "Cisco PhoneOS",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.1.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.  \r\n\r This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T16:41:52.385Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
            "defects": [
              "CSCwi64037",
              "CSCwi64050"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20378",
        "datePublished": "2024-05-01T16:41:52.385Z",
        "dateReserved": "2023-11-08T15:08:07.655Z",
        "dateUpdated": "2024-08-01T21:59:42.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-20378 (GCVE-0-2024-20378)

    Vulnerability from cvelistv5 – Published: 2024-05-01 16:41 – Updated: 2024-08-01 21:59
    VLAI
    Summary
    A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-305 - Authentication Bypass by Primary Weakness
    Assigner
    Impacted products
    Vendor Product Version
    Cisco Cisco IP Phones with Multiplatform Firmware Affected: 11.3.1 MSR2-6
    Affected: 11.3.1 MSR3-3
    Affected: 11.3.2
    Affected: 11.3.3
    Affected: 11.3.1 MSR4-1
    Affected: 11.3.4
    Affected: 11.3.5
    Affected: 11.3.3 MSR2
    Affected: 11.3.3 MSR1
    Affected: 11.3.6
    Affected: 11-3-1MPPSR4UPG
    Affected: 11.3.7
    Affected: 11-3-1MSR2UPG
    Affected: 11.3.6SR1
    Affected: 11.3.7SR1
    Affected: 11.3.7SR2
    Affected: 11.0.0
    Affected: 11.0.1
    Affected: 11.0.1 MSR1-1
    Affected: 11.0.2
    Affected: 11.1.1
    Affected: 11.1.1 MSR1-1
    Affected: 11.1.1 MSR2-1
    Affected: 11.1.2
    Affected: 11.1.2 MSR1-1
    Affected: 11.1.2 MSR3-1
    Affected: 11.2.1
    Affected: 11.2.2
    Affected: 11.2.3
    Affected: 11.2.3 MSR1-1
    Affected: 11.2.4
    Affected: 11.3.1
    Affected: 11.3.1 MSR1-3
    Affected: 4.5
    Affected: 4.6 MSR1
    Affected: 4.7.1
    Affected: 4.8.1
    Affected: 4.8.1 SR1
    Affected: 5.0.1
    Affected: 12.0.1
    Affected: 12.0.2
    Affected: 12.0.3
    Affected: 12.0.3SR1
    Affected: 12.0.4
    Affected: 5.1.1
    Affected: 5.1.2
    Affected: 5.1(2)SR1
    Create a notification for this product.
    Cisco Cisco PhoneOS Affected: 1.0.1
    Affected: 2.1.1
    Affected: 2.0.1
    Affected: 2.3.1
    Create a notification for this product.
    cisco ip_phone_6871_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6851_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7821_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6825_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_6841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7811_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7841_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_7861_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco ip_phone_8800_series_with_multiplatform_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    cisco video_phone_8875_firmware Affected: 0 , ≤ 12.0.4 (custom)
        cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6871_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6851_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7821_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6825_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_6841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7811_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7841_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_7861_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "ip_phone_8800_series_with_multiplatform_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "video_phone_8875_firmware",
                "vendor": "cisco",
                "versions": [
                  {
                    "lessThanOrEqual": "12.0.4",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-20378",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T20:19:03.667220Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T13:47:37.828Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T21:59:42.451Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
                "tags": [
                  "x_transferred"
                ],
                "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Cisco IP Phones with Multiplatform Firmware",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.3.1 MSR2-6"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR3-3"
                },
                {
                  "status": "affected",
                  "version": "11.3.2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR4-1"
                },
                {
                  "status": "affected",
                  "version": "11.3.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.5"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR2"
                },
                {
                  "status": "affected",
                  "version": "11.3.3 MSR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.6"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MPPSR4UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.7"
                },
                {
                  "status": "affected",
                  "version": "11-3-1MSR2UPG"
                },
                {
                  "status": "affected",
                  "version": "11.3.6SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR1"
                },
                {
                  "status": "affected",
                  "version": "11.3.7SR2"
                },
                {
                  "status": "affected",
                  "version": "11.0.0"
                },
                {
                  "status": "affected",
                  "version": "11.0.1"
                },
                {
                  "status": "affected",
                  "version": "11.0.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.0.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.1 MSR2-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.1.2 MSR3-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.1"
                },
                {
                  "status": "affected",
                  "version": "11.2.2"
                },
                {
                  "status": "affected",
                  "version": "11.2.3"
                },
                {
                  "status": "affected",
                  "version": "11.2.3 MSR1-1"
                },
                {
                  "status": "affected",
                  "version": "11.2.4"
                },
                {
                  "status": "affected",
                  "version": "11.3.1"
                },
                {
                  "status": "affected",
                  "version": "11.3.1 MSR1-3"
                },
                {
                  "status": "affected",
                  "version": "4.5"
                },
                {
                  "status": "affected",
                  "version": "4.6 MSR1"
                },
                {
                  "status": "affected",
                  "version": "4.7.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1"
                },
                {
                  "status": "affected",
                  "version": "4.8.1 SR1"
                },
                {
                  "status": "affected",
                  "version": "5.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.1"
                },
                {
                  "status": "affected",
                  "version": "12.0.2"
                },
                {
                  "status": "affected",
                  "version": "12.0.3"
                },
                {
                  "status": "affected",
                  "version": "12.0.3SR1"
                },
                {
                  "status": "affected",
                  "version": "12.0.4"
                },
                {
                  "status": "affected",
                  "version": "5.1.1"
                },
                {
                  "status": "affected",
                  "version": "5.1.2"
                },
                {
                  "status": "affected",
                  "version": "5.1(2)SR1"
                }
              ]
            },
            {
              "product": "Cisco PhoneOS",
              "vendor": "Cisco",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.1.1"
                },
                {
                  "status": "affected",
                  "version": "2.0.1"
                },
                {
                  "status": "affected",
                  "version": "2.3.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.  \r\n\r This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed."
            }
          ],
          "exploits": [
            {
              "lang": "en",
              "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "cvssV3_1"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-305",
                  "description": "Authentication Bypass by Primary Weakness",
                  "lang": "en",
                  "type": "cwe"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-05-01T16:41:52.385Z",
            "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
            "shortName": "cisco"
          },
          "references": [
            {
              "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
              "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
            }
          ],
          "source": {
            "advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
            "defects": [
              "CSCwi64037",
              "CSCwi64050"
            ],
            "discovery": "EXTERNAL"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "assignerShortName": "cisco",
        "cveId": "CVE-2024-20378",
        "datePublished": "2024-05-01T16:41:52.385Z",
        "dateReserved": "2023-11-08T15:08:07.655Z",
        "dateUpdated": "2024-08-01T21:59:42.451Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }