CVE-2024-20378

None

Description

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.

INFO

Published Date :

2024-05-01T16:41:52.385Z

Last Modified :

2024-08-01T21:59:42.451Z

Source :

cisco

AFFECTED PRODUCTS

The following products are affected by CVE-2024-20378 vulnerability.

Vendors	Products
Cisco	Ip Phone 6821 Ip Phone 6821 With Multiplatform Firmware Ip Phone 6841 Ip Phone 6841 With Multiplatform Firmware Ip Phone 6851 Ip Phone 6851 With Multiplatform Firmware Ip Phone 6861 Ip Phone 6861 With Multiplatform Firmware Ip Phone 6871 Ip Phone 6871 With Multiplatform Firmware Ip Phone 7811 Ip Phone 7811 With Multiplatform Firmware Ip Phone 7821 Ip Phone 7821 With Multiplatform Firmware Ip Phone 7841 Ip Phone 7841 With Multiplatform Firmware Ip Phone 7861 Ip Phone 7861 With Multiplatform Firmware Ip Phone 8811 Ip Phone 8811 With Multiplatform Firmware Ip Phone 8841 Ip Phone 8841 With Multiplatform Firmware Ip Phone 8851 Ip Phone 8851 With Multiplatform Firmware Ip Phone 8851nr Ip Phone 8851nr With Multiplatform Firmware Ip Phone 8861 Ip Phone 8861 With Multiplatform Firmware Video Phone 8875 Video Phone 8875 With Multiplatform Firmware

Vendors

Products

Cisco