CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2024-20376
https://notcve.org/view.php?id=CVE-2024-20376
01 May 2024 — A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload. Una vulnerabilid... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2024-20378
https://notcve.org/view.php?id=CVE-2024-20378
01 May 2024 — A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the r... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS • CWE-305: Authentication Bypass by Primary Weakness •
CVSS: 5.9EPSS: 0%CPEs: 30EXPL: 0CVE-2024-20357
https://notcve.org/view.php?id=CVE-2024-20357
01 May 2024 — A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device. Una vulnerabilidad en el servicio XML del firmware del teléfono IP ... • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS • CWE-787: Out-of-bounds Write •