CVE-2024-20376
Severity CVSS v4.0:
Pending analysis
Type:
CWE-787
Out-of-bounds Write
Publication date:
01/05/2024
Last modified:
05/01/2026
Description
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. <br />
<br />
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:* | 2.3.1.0101 (excluding) | |
| cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:* | 12.0.4 (including) | |
| cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:* | 12.0.4 (including) | |
| cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:* | 12.0.4 (including) | |
| cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:* | 12.0.4 (including) | |
| cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:* | 12.0.4 (including) | |
| cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:* | 12.0.4 (including) | |
| cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:* | 12.0.4 (including) |
To consult the complete list of CPE names with products and versions, see this page