1. Home
  2. CVE Database
  3. CVE-2024-20534
MEDIUM · 4.8

CVE-2024-20534

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, re...

Vulnerability Description

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users. This vulnerability exists because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Note: To exploit this vulnerability, Web Access must be enabled on the phone and the attacker must have Admin credentials on the device. Web Access is disabled by default.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
CiscoDesk Phone 9841 With Multiplatform Firmware3.1\(1\)
CiscoDesk Phone 9841-
CiscoDesk Phone 9851 With Multiplatform Firmware3.1\(1\)
CiscoDesk Phone 9851-
CiscoDesk Phone 9861 With Multiplatform Firmware3.1\(1\)
CiscoDesk Phone 9861-
CiscoDesk Phone 9871 With Multiplatform Firmware3.1\(1\)
CiscoDesk Phone 9871-
CiscoIp Phone 6821 With Multiplatform Firmware12.0\(5\)
CiscoIp Phone 6821-
CiscoIp Phone 6841 With Multiplatform Firmware12.0\(5\)
CiscoIp Phone 6841-
CiscoIp Phone 6851 With Multiplatform Firmware12.0\(5\)
CiscoIp Phone 6851-
CiscoIp Phone 6861 With Multiplatform Firmware12.0\(5\)
CiscoIp Phone 6861-
CiscoIp Phone 6871 With Multiplatform Firmware12.0\(5\)
CiscoIp Phone 6871-
CiscoIp Phone 7811 With Multiplatform Firmware12.0\(5\)
CiscoIp Phone 7811-

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2024-20534?

CVE-2024-20534 is a vulnerability with a CVSS score of 4.8 (MEDIUM). A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, re...

How severe is CVE-2024-20534?

CVE-2024-20534 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-20534?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Desk Phone 9841 With Multiplatform Firmware, Cisco Desk Phone 9841, Cisco Desk Phone 9851 With Multiplatform Firmware, Cisco Desk Phone 9851, Cisco Desk Phone 9861 With Multiplatform Firmware.