CVE-2024-20378 (GCVE-0-2024-20378)
Vulnerability from cvelistv5
Published
2024-05-01 16:41
Modified
2024-08-01 21:59
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-305 - Authentication Bypass by Primary Weakness
Summary
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.
This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Cisco | Cisco IP Phones with Multiplatform Firmware |
Version: 11.3.1 MSR2-6 Version: 11.3.1 MSR3-3 Version: 11.3.2 Version: 11.3.3 Version: 11.3.1 MSR4-1 Version: 11.3.4 Version: 11.3.5 Version: 11.3.3 MSR2 Version: 11.3.3 MSR1 Version: 11.3.6 Version: 11-3-1MPPSR4UPG Version: 11.3.7 Version: 11-3-1MSR2UPG Version: 11.3.6SR1 Version: 11.3.7SR1 Version: 11.3.7SR2 Version: 11.0.0 Version: 11.0.1 Version: 11.0.1 MSR1-1 Version: 11.0.2 Version: 11.1.1 Version: 11.1.1 MSR1-1 Version: 11.1.1 MSR2-1 Version: 11.1.2 Version: 11.1.2 MSR1-1 Version: 11.1.2 MSR3-1 Version: 11.2.1 Version: 11.2.2 Version: 11.2.3 Version: 11.2.3 MSR1-1 Version: 11.2.4 Version: 11.3.1 Version: 11.3.1 MSR1-3 Version: 4.5 Version: 4.6 MSR1 Version: 4.7.1 Version: 4.8.1 Version: 4.8.1 SR1 Version: 5.0.1 Version: 12.0.1 Version: 12.0.2 Version: 12.0.3 Version: 12.0.3SR1 Version: 12.0.4 Version: 5.1.1 Version: 5.1.2 Version: 5.1(2)SR1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6871_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6821_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6851_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7821_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6861_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6825_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_6841_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7811_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7841_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_7861_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_phone_8800_series_with_multiplatform_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "video_phone_8875_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "12.0.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T20:19:03.667220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-06T13:47:37.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:59:42.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Cisco IP Phones with Multiplatform Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "11.3.1 MSR2-6"
},
{
"status": "affected",
"version": "11.3.1 MSR3-3"
},
{
"status": "affected",
"version": "11.3.2"
},
{
"status": "affected",
"version": "11.3.3"
},
{
"status": "affected",
"version": "11.3.1 MSR4-1"
},
{
"status": "affected",
"version": "11.3.4"
},
{
"status": "affected",
"version": "11.3.5"
},
{
"status": "affected",
"version": "11.3.3 MSR2"
},
{
"status": "affected",
"version": "11.3.3 MSR1"
},
{
"status": "affected",
"version": "11.3.6"
},
{
"status": "affected",
"version": "11-3-1MPPSR4UPG"
},
{
"status": "affected",
"version": "11.3.7"
},
{
"status": "affected",
"version": "11-3-1MSR2UPG"
},
{
"status": "affected",
"version": "11.3.6SR1"
},
{
"status": "affected",
"version": "11.3.7SR1"
},
{
"status": "affected",
"version": "11.3.7SR2"
},
{
"status": "affected",
"version": "11.0.0"
},
{
"status": "affected",
"version": "11.0.1"
},
{
"status": "affected",
"version": "11.0.1 MSR1-1"
},
{
"status": "affected",
"version": "11.0.2"
},
{
"status": "affected",
"version": "11.1.1"
},
{
"status": "affected",
"version": "11.1.1 MSR1-1"
},
{
"status": "affected",
"version": "11.1.1 MSR2-1"
},
{
"status": "affected",
"version": "11.1.2"
},
{
"status": "affected",
"version": "11.1.2 MSR1-1"
},
{
"status": "affected",
"version": "11.1.2 MSR3-1"
},
{
"status": "affected",
"version": "11.2.1"
},
{
"status": "affected",
"version": "11.2.2"
},
{
"status": "affected",
"version": "11.2.3"
},
{
"status": "affected",
"version": "11.2.3 MSR1-1"
},
{
"status": "affected",
"version": "11.2.4"
},
{
"status": "affected",
"version": "11.3.1"
},
{
"status": "affected",
"version": "11.3.1 MSR1-3"
},
{
"status": "affected",
"version": "4.5"
},
{
"status": "affected",
"version": "4.6 MSR1"
},
{
"status": "affected",
"version": "4.7.1"
},
{
"status": "affected",
"version": "4.8.1"
},
{
"status": "affected",
"version": "4.8.1 SR1"
},
{
"status": "affected",
"version": "5.0.1"
},
{
"status": "affected",
"version": "12.0.1"
},
{
"status": "affected",
"version": "12.0.2"
},
{
"status": "affected",
"version": "12.0.3"
},
{
"status": "affected",
"version": "12.0.3SR1"
},
{
"status": "affected",
"version": "12.0.4"
},
{
"status": "affected",
"version": "5.1.1"
},
{
"status": "affected",
"version": "5.1.2"
},
{
"status": "affected",
"version": "5.1(2)SR1"
}
]
},
{
"product": "Cisco PhoneOS",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.1"
},
{
"status": "affected",
"version": "2.1.1"
},
{
"status": "affected",
"version": "2.0.1"
},
{
"status": "affected",
"version": "2.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. \r\n\r This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-01T16:41:52.385Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS"
}
],
"source": {
"advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS",
"defects": [
"CSCwi64037",
"CSCwi64050"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2024-20378",
"datePublished": "2024-05-01T16:41:52.385Z",
"dateReserved": "2023-11-08T15:08:07.655Z",
"dateUpdated": "2024-08-01T21:59:42.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS\", \"name\": \"cisco-sa-ipphone-multi-vulns-cXAhCvS\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T21:59:42.451Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-20378\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-01T20:19:03.667220Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_6871_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_6821_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_6851_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_7821_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_6861_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_6825_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_6841_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_7811_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_7841_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_7861_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"ip_phone_8800_series_with_multiplatform_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"video_phone_8875_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"12.0.4\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-01T20:48:12.215Z\"}}], \"cna\": {\"source\": {\"defects\": [\"CSCwi64037\", \"CSCwi64050\"], \"advisory\": \"cisco-sa-ipphone-multi-vulns-cXAhCvS\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IP Phones with Multiplatform Firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.3.1 MSR2-6\"}, {\"status\": \"affected\", \"version\": \"11.3.1 MSR3-3\"}, {\"status\": \"affected\", \"version\": \"11.3.2\"}, {\"status\": \"affected\", \"version\": \"11.3.3\"}, {\"status\": \"affected\", \"version\": \"11.3.1 MSR4-1\"}, {\"status\": \"affected\", \"version\": \"11.3.4\"}, {\"status\": \"affected\", \"version\": \"11.3.5\"}, {\"status\": \"affected\", \"version\": \"11.3.3 MSR2\"}, {\"status\": \"affected\", \"version\": \"11.3.3 MSR1\"}, {\"status\": \"affected\", \"version\": \"11.3.6\"}, {\"status\": \"affected\", \"version\": \"11-3-1MPPSR4UPG\"}, {\"status\": \"affected\", \"version\": \"11.3.7\"}, {\"status\": \"affected\", \"version\": \"11-3-1MSR2UPG\"}, {\"status\": \"affected\", \"version\": \"11.3.6SR1\"}, {\"status\": \"affected\", \"version\": \"11.3.7SR1\"}, {\"status\": \"affected\", \"version\": \"11.3.7SR2\"}, {\"status\": \"affected\", \"version\": \"11.0.0\"}, {\"status\": \"affected\", \"version\": \"11.0.1\"}, {\"status\": \"affected\", \"version\": \"11.0.1 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.0.2\"}, {\"status\": \"affected\", \"version\": \"11.1.1\"}, {\"status\": \"affected\", \"version\": \"11.1.1 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.1.1 MSR2-1\"}, {\"status\": \"affected\", \"version\": \"11.1.2\"}, {\"status\": \"affected\", \"version\": \"11.1.2 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.1.2 MSR3-1\"}, {\"status\": \"affected\", \"version\": \"11.2.1\"}, {\"status\": \"affected\", \"version\": \"11.2.2\"}, {\"status\": \"affected\", \"version\": \"11.2.3\"}, {\"status\": \"affected\", \"version\": \"11.2.3 MSR1-1\"}, {\"status\": \"affected\", \"version\": \"11.2.4\"}, {\"status\": \"affected\", \"version\": \"11.3.1\"}, {\"status\": \"affected\", \"version\": \"11.3.1 MSR1-3\"}, {\"status\": \"affected\", \"version\": \"4.5\"}, {\"status\": \"affected\", \"version\": \"4.6 MSR1\"}, {\"status\": \"affected\", \"version\": \"4.7.1\"}, {\"status\": \"affected\", \"version\": \"4.8.1\"}, {\"status\": \"affected\", \"version\": \"4.8.1 SR1\"}, {\"status\": \"affected\", \"version\": \"5.0.1\"}, {\"status\": \"affected\", \"version\": \"12.0.1\"}, {\"status\": \"affected\", \"version\": \"12.0.2\"}, {\"status\": \"affected\", \"version\": \"12.0.3\"}, {\"status\": \"affected\", \"version\": \"12.0.3SR1\"}, {\"status\": \"affected\", \"version\": \"12.0.4\"}, {\"status\": \"affected\", \"version\": \"5.1.1\"}, {\"status\": \"affected\", \"version\": \"5.1.2\"}, {\"status\": \"affected\", \"version\": \"5.1(2)SR1\"}]}, {\"vendor\": \"Cisco\", \"product\": \"Cisco PhoneOS\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.1\"}, {\"status\": \"affected\", \"version\": \"2.1.1\"}, {\"status\": \"affected\", \"version\": \"2.0.1\"}, {\"status\": \"affected\", \"version\": \"2.3.1\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS\", \"name\": \"cisco-sa-ipphone-multi-vulns-cXAhCvS\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. \\r\\n\\r This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-305\", \"description\": \"Authentication Bypass by Primary Weakness\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-05-01T16:41:52.385Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-20378\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-01T21:59:42.451Z\", \"dateReserved\": \"2023-11-08T15:08:07.655Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2024-05-01T16:41:52.385Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…