GHSA-49gp-r5pw-pqg8

Опубликовано: 01 мая 2024

Источник: github

Github: Не прошло ревью

CVSS3: 5.9

Описание

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device.

This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device.

Ссылки

EPSS

Процентиль: 72%

0.00737

Низкий

5.9 Medium

CVSS3

CVE ID

CVE-2024-20357

Дефекты

CWE-787

Связанные уязвимости

CVE-2024-20357

CVSS3: 5.9

nvd

почти 2 года назад

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.

BDU:2024-03817

CVSS3: 5.3

fstec

почти 2 года назад

Уязвимость веб-интерфейса управления микропрограммного обеспечения IP-телефонов Cisco IP Phone 6800, Cisco IP Phone 7800, Cisco IP Phone 8800 и Cisco Video Phone 8875, позволяющая нарушителю инициировать телефонные звонки на уязвимом устройстве

EPSS

Процентиль: 72%

0.00737

Низкий

5.9 Medium

CVSS3

CVE ID

CVE-2024-20357

Дефекты

CWE-787