Products
Cisco IP Phone firmware
Source
ykramarz@cisco.com
Tags
CVE-2024-20357 details
Published : May 1, 2024, 5:15 p.m.
Last Modified : May 1, 2024, 7:50 p.m.
Last Modified : May 1, 2024, 7:50 p.m.
Description
A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.
CVSS Score
| 1 | 2 | 3 | 4 | 5.9 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
5.9
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
References
| URL | Source |
|---|---|
| https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS | ykramarz@cisco.com |
This website uses the NVD API, but is not approved or certified by it.