- 132/2024
- High
Cisco has released security updates to fix several vulnerabilities in Cisco IP Phone firmware.
The addressed vulnerabilities could allow the unauthenticated, remote attacker to perform denial of service attacks, gain unauthorized access, or obtain sensitive information from the affected system.
Sample of the addressed vulnerabilities:
1. Cisco IP Phone Denial of Service Vulnerability (CVE-2024-20376):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial Of Service
2. Cisco IP Phone Information Disclosure Vulnerability (CVE-2024-20378):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Affected products:
- IP Phone 6800 Series with Multiplatform Firmware.
- IP Phone 7800 Series with Multiplatform Firmware.
- IP Phone 8800 Series with Multiplatform Firmware.
- Video Phone 8875 in Multiplatform Mode.
Vulnerabilities
- CVE-2024-20357
- CVE-2024-20376
- CVE-2024-20378
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.