CiscoCVE-2024-20376CVE-2024-20376
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
9.0%
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
CNA Affected
[
{
"vendor": "Cisco",
"product": "Cisco IP Phones with Multiplatform Firmware",
"versions": [
{
"version": "11.3.1 MSR2-6",
"status": "affected"
},
{
"version": "11.3.1 MSR3-3",
"status": "affected"
},
{
"version": "11.3.2",
"status": "affected"
},
{
"version": "11.3.3",
"status": "affected"
},
{
"version": "11.3.1 MSR4-1",
"status": "affected"
},
{
"version": "11.3.4",
"status": "affected"
},
{
"version": "11.3.5",
"status": "affected"
},
{
"version": "11.3.3 MSR2",
"status": "affected"
},
{
"version": "11.3.3 MSR1",
"status": "affected"
},
{
"version": "11.3.6",
"status": "affected"
},
{
"version": "11-3-1MPPSR4UPG",
"status": "affected"
},
{
"version": "11.3.7",
"status": "affected"
},
{
"version": "11-3-1MSR2UPG",
"status": "affected"
},
{
"version": "11.3.6SR1",
"status": "affected"
},
{
"version": "11.3.7SR1",
"status": "affected"
},
{
"version": "11.3.7SR2",
"status": "affected"
},
{
"version": "11.0.0",
"status": "affected"
},
{
"version": "11.0.1",
"status": "affected"
},
{
"version": "11.0.1 MSR1-1",
"status": "affected"
},
{
"version": "11.0.2",
"status": "affected"
},
{
"version": "11.1.1",
"status": "affected"
},
{
"version": "11.1.1 MSR1-1",
"status": "affected"
},
{
"version": "11.1.1 MSR2-1",
"status": "affected"
},
{
"version": "11.1.2",
"status": "affected"
},
{
"version": "11.1.2 MSR1-1",
"status": "affected"
},
{
"version": "11.1.2 MSR3-1",
"status": "affected"
},
{
"version": "11.2.1",
"status": "affected"
},
{
"version": "11.2.2",
"status": "affected"
},
{
"version": "11.2.3",
"status": "affected"
},
{
"version": "11.2.3 MSR1-1",
"status": "affected"
},
{
"version": "11.2.4",
"status": "affected"
},
{
"version": "11.3.1",
"status": "affected"
},
{
"version": "11.3.1 MSR1-3",
"status": "affected"
},
{
"version": "4.5",
"status": "affected"
},
{
"version": "4.6 MSR1",
"status": "affected"
},
{
"version": "4.7.1",
"status": "affected"
},
{
"version": "4.8.1",
"status": "affected"
},
{
"version": "4.8.1 SR1",
"status": "affected"
},
{
"version": "5.0.1",
"status": "affected"
},
{
"version": "12.0.1",
"status": "affected"
},
{
"version": "12.0.2",
"status": "affected"
},
{
"version": "12.0.3",
"status": "affected"
},
{
"version": "12.0.3SR1",
"status": "affected"
},
{
"version": "12.0.4",
"status": "affected"
},
{
"version": "5.1.1",
"status": "affected"
},
{
"version": "5.1.2",
"status": "affected"
},
{
"version": "5.1(2)SR1",
"status": "affected"
}
]
},
{
"vendor": "Cisco",
"product": "Cisco PhoneOS",
"versions": [
{
"version": "1.0.1",
"status": "affected"
},
{
"version": "2.1.1",
"status": "affected"
},
{
"version": "2.0.1",
"status": "affected"
},
{
"version": "2.3.1",
"status": "affected"
}
]
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
9.0%