HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2024-20378

CVSS 7.5v3.1pub. 2024-05-01upd. 2026-01-05

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Cisco Ip Phone 6821

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 6821 With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Ip Phone 6841

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 6841 With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Ip Phone 6851

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 6851 With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Ip Phone 6861

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 6861 With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Ip Phone 6871

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 6871 With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Ip Phone 7811

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 7811 With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Ip Phone 7821

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 7821 With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Ip Phone 7841

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 7841 With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Ip Phone 7861

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 7861 With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Ip Phone 8811

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8811 With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Ip Phone 8841

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8841 With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Ip Phone 8851

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8851nr

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8851nr With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Ip Phone 8851 With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Ip Phone 8861

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8861 With Multiplatform Firmware

    OS
    Cisco
    12.0.4< 12.0.4
  • Cisco Video Phone 8875

    HW
    Cisco
    wszystkie wersje
  • Cisco Video Phone 8875 With Multiplatform Firmware

    OS
    Cisco
    < 2.3.1.0101
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2020-3161CRITICAL9.8⚠ KEVten sam produkt

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execu...

CVE-2023-20078CRITICAL9.8ten sam produkt

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unaut...

CVE-2023-20079CRITICAL9.8ten sam produkt

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unaut...

CVE-2025-20350HIGH7.5ten sam produkt

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco ...

CVE-2024-20376HIGH7.5ten sam produkt

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticate...