Vulnerability-Lookup

BDU:2024-09470

Vulnerability from fstec - Published: 06.11.2024

Title

Уязвимость веб-интерфейса микропрограммного обеспечения IP-телефонов Cisco IP Phone 9800, Cisco IP Phone 7800, Cisco IP Phone 8800 и Cisco IP Phone 8875, позволяющая нарушителю получить доступ к конфиденциальной информации

Description

Уязвимость веб-интерфейса микропрограммного обеспечения IP-телефонов Cisco IP Phone 9800, Cisco IP Phone 7800, Cisco IP Phone 8800 и Cisco IP Phone 8875 связана с отсутствием защиты служебных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить доступ к конфиденциальной информации

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vendor

Cisco Systems Inc.

Software Name

Cisco Desk Phone 9800, Cisco IP Phone 7800, Cisco IP Phone 8800, Video Phone 8875

Software Version

3.1(1) (Cisco Desk Phone 9800), 3.1(1)SR1 (Cisco Desk Phone 9800), до 14.3(1) (Cisco IP Phone 7800), до 14.3(1) (Cisco IP Phone 8800), до 3.2(1) (Video Phone 8875)

Possible Mitigations

Использование рекомендаций: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG

Reference

https://nvd.nist.gov/vuln/detail/CVE-2024-20445 https://www.securitylab.ru/news/553742.php https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG

CWE

CWE-200

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "3.1(1) (Cisco Desk Phone 9800), 3.1(1)SR1 (Cisco Desk Phone 9800), \u0434\u043e 14.3(1) (Cisco IP Phone 7800), \u0434\u043e 14.3(1) (Cisco IP Phone 8800), \u0434\u043e 3.2(1) (Video Phone 8875)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "14.11.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "14.11.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-09470",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-20445",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco Desk Phone 9800, Cisco IP Phone 7800, Cisco IP Phone 8800, Video Phone 8875",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f IP-\u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043e\u0432 Cisco IP Phone 9800, Cisco IP Phone 7800, Cisco IP Phone 8800 \u0438 Cisco IP Phone 8875, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0420\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 (CWE-200)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f IP-\u0442\u0435\u043b\u0435\u0444\u043e\u043d\u043e\u0432 Cisco IP Phone 9800, Cisco IP Phone 7800, Cisco IP Phone 8800 \u0438 Cisco IP Phone 8875 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u043b\u0443\u0436\u0435\u0431\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0439 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2024-20445\nhttps://www.securitylab.ru/news/553742.php\nhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-200",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,3)"
}

CVE-2024-20445 (GCVE-0-2024-20445)

Vulnerability from cvelistv5 – Published: 2024-11-06 16:29 – Updated: 2024-11-06 22:00

Title

Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability

Summary

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records. Note: Web Access is disabled by default.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Assigner

cisco

References

URL

Tags

https://sec.cloudapps.cisco.com/security/center/c…

Impacted products

	Vendor	Product	Version
	Cisco	Cisco Session Initiation Protocol (SIP) Software	Affected: 12.1(1)SR1 Affected: 11.5(1) Affected: 10.3(2) Affected: 10.2(2) Affected: 10.3(1) Affected: 10.3(1)SR4 Affected: 11.0(1) Affected: 10.4(1)SR2 3rd Party Affected: 11.7(1) Affected: 12.1(1) Affected: 11.0(0.7) MPP Affected: 9.3(4) 3rd Party Affected: 12.5(1)SR2 Affected: 10.2(1)SR1 Affected: 9.3(4)SR3 3rd Party Affected: 10.2(1) Affected: 12.5(1) Affected: 10.3(1)SR2 Affected: 11-0-1MSR1-1 Affected: 10.4(1) 3rd Party Affected: 12.5(1)SR1 Affected: 11.5(1)SR1 Affected: 10.1(1)SR2 Affected: 12.0(1)SR2 Affected: 12.6(1) Affected: 10.3(1.11) 3rd Party Affected: 12.0(1) Affected: 12.0(1)SR1 Affected: 9.3(3) Affected: 12.5(1)SR3 Affected: 10.3(1)SR4b Affected: 9.3(4)SR1 3rd Party Affected: 10.3(1)SR5 Affected: 10.1(1.9) Affected: 10.3(1.9) 3rd Party Affected: 9.3(4)SR2 3rd Party Affected: 10.3(1)SR1 Affected: 10.3(1)SR3 Affected: 10.1(1)SR1 Affected: 12.0(1)SR3 Affected: 12.6(1)SR1 Affected: 12.7(1) Affected: 10.3(1)SR6 Affected: 12.8(1) Affected: 12.7(1)SR1 Affected: 12.8(1)SR1 Affected: 12.8(1)SR2 Affected: 14.0(1) Affected: 14.0(1)SR1 Affected: 10.3(1)SR7 Affected: 14.0(1)SR2 Affected: 14.1(1) Affected: 14.0(1)SR3 Affected: 14.1(1)SR1 Affected: 14.1(1)SR2 Affected: 14.2(1) Affected: 14.2(1)SR1 Affected: 14.1(1)SR3 Affected: 14.2(1)SR2 Affected: 3.1(1) Affected: 3.0(1) Affected: 14.2(1)SR3 Affected: 3.1(1)SR1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:cisco:sip_ip_phone_software:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sip_ip_phone_software",
            "vendor": "cisco",
            "versions": [
              {
                "status": "affected",
                "version": "12.1(1)SR1"
              },
              {
                "status": "affected",
                "version": "11.5(1)"
              },
              {
                "status": "affected",
                "version": "10.3(2)"
              },
              {
                "status": "affected",
                "version": "10.2(2)"
              },
              {
                "status": "affected",
                "version": "10.3(1)"
              },
              {
                "status": "affected",
                "version": "10.3(1)SR4"
              },
              {
                "status": "affected",
                "version": "11.0(1)"
              },
              {
                "status": "affected",
                "version": "10.4(1)SR2_3rd_Party"
              },
              {
                "status": "affected",
                "version": "11.7(1)"
              },
              {
                "status": "affected",
                "version": "12.1(1)"
              },
              {
                "status": "affected",
                "version": "11.0(0.7)_MPP"
              },
              {
                "status": "affected",
                "version": "9.3(4)_3rd_Party"
              },
              {
                "status": "affected",
                "version": "12.5(1)SR2"
              },
              {
                "status": "affected",
                "version": "10.2(1)SR1"
              },
              {
                "status": "affected",
                "version": "9.3(4)SR3_3rd_Party"
              },
              {
                "status": "affected",
                "version": "10.2(1)"
              },
              {
                "status": "affected",
                "version": "12.5(1)"
              },
              {
                "status": "affected",
                "version": "10.3(1)SR2"
              },
              {
                "status": "affected",
                "version": "11-0-1MSR1-1"
              },
              {
                "status": "affected",
                "version": "10.4(1)_3rd_Party"
              },
              {
                "status": "affected",
                "version": "12.5(1)SR1"
              },
              {
                "status": "affected",
                "version": "11.5(1)SR1"
              },
              {
                "status": "affected",
                "version": "10.1(1)SR2"
              },
              {
                "status": "affected",
                "version": "12.0(1)SR2"
              },
              {
                "status": "affected",
                "version": "12.6(1)"
              },
              {
                "status": "affected",
                "version": "10.3(1.11)_3rd_Party"
              },
              {
                "status": "affected",
                "version": "12.0(1)"
              },
              {
                "status": "affected",
                "version": "12.0(1)SR1"
              },
              {
                "status": "affected",
                "version": "9.3(3)"
              },
              {
                "status": "affected",
                "version": "12.5(1)SR3"
              },
              {
                "status": "affected",
                "version": "10.3(1)SR4b"
              },
              {
                "status": "affected",
                "version": "9.3(4)SR1_3rd_Party"
              },
              {
                "status": "affected",
                "version": "10.3(1)SR5"
              },
              {
                "status": "affected",
                "version": "10.1(1.9)"
              },
              {
                "status": "affected",
                "version": "10.3(1.9)_3rd_Party"
              },
              {
                "status": "affected",
                "version": "9.3(4)SR2_3rd_Party"
              },
              {
                "status": "affected",
                "version": "10.3(1)SR1"
              },
              {
                "status": "affected",
                "version": "10.3(1)SR3"
              },
              {
                "status": "affected",
                "version": "10.1(1)SR1"
              },
              {
                "status": "affected",
                "version": "12.0(1)SR3"
              },
              {
                "status": "affected",
                "version": "12.6(1)SR1"
              },
              {
                "status": "affected",
                "version": "12.7(1)"
              },
              {
                "status": "affected",
                "version": "10.3(1)SR6"
              },
              {
                "status": "affected",
                "version": "12.8(1)"
              },
              {
                "status": "affected",
                "version": "12.7(1)SR1"
              },
              {
                "status": "affected",
                "version": "12.8(1)SR1"
              },
              {
                "status": "affected",
                "version": "12.8(1)SR2"
              },
              {
                "status": "affected",
                "version": "14.0(1)"
              },
              {
                "status": "affected",
                "version": "14.0(1)SR1"
              },
              {
                "status": "affected",
                "version": "10.3(1)SR7"
              },
              {
                "status": "affected",
                "version": "14.0(1)SR2"
              },
              {
                "status": "affected",
                "version": "14.1(1)"
              },
              {
                "status": "affected",
                "version": "14.0(1)SR3"
              },
              {
                "status": "affected",
                "version": "14.1(1)SR1"
              },
              {
                "status": "affected",
                "version": "14.1(1)SR2"
              },
              {
                "status": "affected",
                "version": "14.2(1)"
              },
              {
                "status": "affected",
                "version": "14.2(1)SR1"
              },
              {
                "status": "affected",
                "version": "14.1(1)SR3"
              },
              {
                "status": "affected",
                "version": "14.2(1)SR2"
              },
              {
                "status": "affected",
                "version": "3.1(1)"
              },
              {
                "status": "affected",
                "version": "3.0(1)"
              },
              {
                "status": "affected",
                "version": "14.2(1)SR3"
              },
              {
                "status": "affected",
                "version": "3.1(1)SR1"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-20445",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-06T17:23:46.067108Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-06T22:00:02.234Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Cisco Session Initiation Protocol (SIP) Software",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "12.1(1)SR1"
            },
            {
              "status": "affected",
              "version": "11.5(1)"
            },
            {
              "status": "affected",
              "version": "10.3(2)"
            },
            {
              "status": "affected",
              "version": "10.2(2)"
            },
            {
              "status": "affected",
              "version": "10.3(1)"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR4"
            },
            {
              "status": "affected",
              "version": "11.0(1)"
            },
            {
              "status": "affected",
              "version": "10.4(1)SR2 3rd Party"
            },
            {
              "status": "affected",
              "version": "11.7(1)"
            },
            {
              "status": "affected",
              "version": "12.1(1)"
            },
            {
              "status": "affected",
              "version": "11.0(0.7) MPP"
            },
            {
              "status": "affected",
              "version": "9.3(4) 3rd Party"
            },
            {
              "status": "affected",
              "version": "12.5(1)SR2"
            },
            {
              "status": "affected",
              "version": "10.2(1)SR1"
            },
            {
              "status": "affected",
              "version": "9.3(4)SR3 3rd Party"
            },
            {
              "status": "affected",
              "version": "10.2(1)"
            },
            {
              "status": "affected",
              "version": "12.5(1)"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR2"
            },
            {
              "status": "affected",
              "version": "11-0-1MSR1-1"
            },
            {
              "status": "affected",
              "version": "10.4(1) 3rd Party"
            },
            {
              "status": "affected",
              "version": "12.5(1)SR1"
            },
            {
              "status": "affected",
              "version": "11.5(1)SR1"
            },
            {
              "status": "affected",
              "version": "10.1(1)SR2"
            },
            {
              "status": "affected",
              "version": "12.0(1)SR2"
            },
            {
              "status": "affected",
              "version": "12.6(1)"
            },
            {
              "status": "affected",
              "version": "10.3(1.11) 3rd Party"
            },
            {
              "status": "affected",
              "version": "12.0(1)"
            },
            {
              "status": "affected",
              "version": "12.0(1)SR1"
            },
            {
              "status": "affected",
              "version": "9.3(3)"
            },
            {
              "status": "affected",
              "version": "12.5(1)SR3"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR4b"
            },
            {
              "status": "affected",
              "version": "9.3(4)SR1 3rd Party"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR5"
            },
            {
              "status": "affected",
              "version": "10.1(1.9)"
            },
            {
              "status": "affected",
              "version": "10.3(1.9) 3rd Party"
            },
            {
              "status": "affected",
              "version": "9.3(4)SR2 3rd Party"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR1"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR3"
            },
            {
              "status": "affected",
              "version": "10.1(1)SR1"
            },
            {
              "status": "affected",
              "version": "12.0(1)SR3"
            },
            {
              "status": "affected",
              "version": "12.6(1)SR1"
            },
            {
              "status": "affected",
              "version": "12.7(1)"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR6"
            },
            {
              "status": "affected",
              "version": "12.8(1)"
            },
            {
              "status": "affected",
              "version": "12.7(1)SR1"
            },
            {
              "status": "affected",
              "version": "12.8(1)SR1"
            },
            {
              "status": "affected",
              "version": "12.8(1)SR2"
            },
            {
              "status": "affected",
              "version": "14.0(1)"
            },
            {
              "status": "affected",
              "version": "14.0(1)SR1"
            },
            {
              "status": "affected",
              "version": "10.3(1)SR7"
            },
            {
              "status": "affected",
              "version": "14.0(1)SR2"
            },
            {
              "status": "affected",
              "version": "14.1(1)"
            },
            {
              "status": "affected",
              "version": "14.0(1)SR3"
            },
            {
              "status": "affected",
              "version": "14.1(1)SR1"
            },
            {
              "status": "affected",
              "version": "14.1(1)SR2"
            },
            {
              "status": "affected",
              "version": "14.2(1)"
            },
            {
              "status": "affected",
              "version": "14.2(1)SR1"
            },
            {
              "status": "affected",
              "version": "14.1(1)SR3"
            },
            {
              "status": "affected",
              "version": "14.2(1)SR2"
            },
            {
              "status": "affected",
              "version": "3.1(1)"
            },
            {
              "status": "affected",
              "version": "3.0(1)"
            },
            {
              "status": "affected",
              "version": "14.2(1)SR3"
            },
            {
              "status": "affected",
              "version": "3.1(1)SR1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.\r\nNote: Web Access is disabled by default."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-06T16:29:06.293Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-phone-infodisc-sbyqQVbG",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG"
        }
      ],
      "source": {
        "advisory": "cisco-sa-phone-infodisc-sbyqQVbG",
        "defects": [
          "CSCwk25862"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Cisco IP Phone 7800, 8800, and 9800 Series Information Disclosure Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2024-20445",
    "datePublished": "2024-11-06T16:29:06.293Z",
    "dateReserved": "2023-11-08T15:08:07.678Z",
    "dateUpdated": "2024-11-06T22:00:02.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2024-09470

CVE-2024-20445 (GCVE-0-2024-20445)

Tags

Sightings

Nomenclature