CVE-2024-20357 — MEDIUM (5.9)

Q: How severe is CVE-2024-20357?

CVE-2024-20357 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-20357?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Phone 6871 With Multiplatform Firmware, Cisco Ip Phone 6871, Cisco Ip Phone 7811 With Multiplatform Firmware, Cisco Ip Phone 7811, Cisco Ip Phone 7821 With Multiplatform Firmware.

Vulnerability Description

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Ip Phone 6871 With Multiplatform Firmware	<= 12.0.4
Cisco	Ip Phone 6871	-
Cisco	Ip Phone 7811 With Multiplatform Firmware	<= 12.0.4
Cisco	Ip Phone 7811	-
Cisco	Ip Phone 7821 With Multiplatform Firmware	<= 12.0.4
Cisco	Ip Phone 7821	-
Cisco	Ip Phone 7832 With Multiplatform Firmware	<= 12.0.4
Cisco	Ip Phone 7832	-
Cisco	Ip Phone 7841 With Multiplatform Firmware	<= 12.0.4
Cisco	Ip Phone 7841	-
Cisco	Ip Phone 7861 With Multiplatform Firmware	<= 12.0.4
Cisco	Ip Phone 7861	-
Cisco	Ip Phone 8811 With Multiplatform Firmware	<= 12.0.4
Cisco	Ip Phone 8811	-
Cisco	Ip Phone 8832 With Multiplatform Firmware	<= 12.0.4
Cisco	Ip Phone 8832	-
Cisco	Ip Phone 8841 With Multiplatform Firmware	<= 12.0.4
Cisco	Ip Phone 8841	-
Cisco	Ip Phone 8845 With Multiplatform Firmware	<= 12.0.4
Cisco	Ip Phone 8845	-

Related Weaknesses (CWE)

CWE-787

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory

FAQ

What is CVE-2024-20357?

CVE-2024-20357 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because boun...

How severe is CVE-2024-20357?

CVE-2024-20357 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-20357?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Phone 6871 With Multiplatform Firmware, Cisco Ip Phone 6871, Cisco Ip Phone 7811 With Multiplatform Firmware, Cisco Ip Phone 7811, Cisco Ip Phone 7821 With Multiplatform Firmware.