CVE-2024-20378 — HIGH (7.5)

Q: How severe is CVE-2024-20378?

CVE-2024-20378 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-20378?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Phone 6821 With Multiplatform Firmware, Cisco Ip Phone 6821, Cisco Ip Phone 6841 With Multiplatform Firmware, Cisco Ip Phone 6841, Cisco Ip Phone 6851 With Multiplatform Firmware.

Vulnerability Description

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Cisco	Ip Phone 6821 With Multiplatform Firmware	< 12.0.4
Cisco	Ip Phone 6821	-
Cisco	Ip Phone 6841 With Multiplatform Firmware	< 12.0.4
Cisco	Ip Phone 6841	-
Cisco	Ip Phone 6851 With Multiplatform Firmware	< 12.0.4
Cisco	Ip Phone 6851	-
Cisco	Ip Phone 6861 With Multiplatform Firmware	< 12.0.4
Cisco	Ip Phone 6861	-
Cisco	Ip Phone 6871 With Multiplatform Firmware	< 12.0.4
Cisco	Ip Phone 6871	-
Cisco	Ip Phone 7811 With Multiplatform Firmware	< 12.0.4
Cisco	Ip Phone 7811	-
Cisco	Ip Phone 7821 With Multiplatform Firmware	< 12.0.4
Cisco	Ip Phone 7821	-
Cisco	Ip Phone 7841 With Multiplatform Firmware	< 12.0.4
Cisco	Ip Phone 7841	-
Cisco	Ip Phone 7861 With Multiplatform Firmware	< 12.0.4
Cisco	Ip Phone 7861	-
Cisco	Ip Phone 8811 With Multiplatform Firmware	< 12.0.4
Cisco	Ip Phone 8811	-

Related Weaknesses (CWE)

CWE-305

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciVendor Advisory

FAQ

What is CVE-2024-20378?

CVE-2024-20378 is a vulnerability with a CVSS score of 7.5 (HIGH). A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vu...

How severe is CVE-2024-20378?

CVE-2024-20378 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-20378?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ip Phone 6821 With Multiplatform Firmware, Cisco Ip Phone 6821, Cisco Ip Phone 6841 With Multiplatform Firmware, Cisco Ip Phone 6841, Cisco Ip Phone 6851 With Multiplatform Firmware.