CVE-2024-20357 - OpenCVE

A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS

History

No history.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-05-01T16:36:53.907Z

Updated: 2024-08-01T21:59:42.103Z

Reserved: 2023-11-08T15:08:07.649Z

Link: CVE-2024-20357

Vulnrichment

Updated: 2024-08-01T21:59:42.103Z

NVD

Status : Awaiting Analysis

Published: 2024-05-01T17:15:28.143

Modified: 2024-05-01T19:50:25.633

Link: CVE-2024-20357

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-20357", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "state": "PUBLISHED", "assignerShortName": "cisco", "dateReserved": "2023-11-08T15:08:07.649Z", "datePublished": "2024-05-01T16:36:53.907Z", "dateUpdated": "2024-08-01T21:59:42.103Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-05-01T16:36:53.907Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. \r\n\r This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device."}], "affected": [{"vendor": "Cisco", "product": "Cisco IP Phones with Multiplatform Firmware", "versions": [{"version": "11.3.1 MSR2-6", "status": "affected"}, {"version": "11.3.1 MSR3-3", "status": "affected"}, {"version": "11.3.2", "status": "affected"}, {"version": "11.3.3", "status": "affected"}, {"version": "11.3.1 MSR4-1", "status": "affected"}, {"version": "11.3.4", "status": "affected"}, {"version": "11.3.5", "status": "affected"}, {"version": "11.3.3 MSR2", "status": "affected"}, {"version": "11.3.3 MSR1", "status": "affected"}, {"version": "11.3.6", "status": "affected"}, {"version": "11-3-1MPPSR4UPG", "status": "affected"}, {"version": "11.3.7", "status": "affected"}, {"version": "11-3-1MSR2UPG", "status": "affected"}, {"version": "11.3.6SR1", "status": "affected"}, {"version": "11.3.7SR1", "status": "affected"}, {"version": "11.3.7SR2", "status": "affected"}, {"version": "11.0.0", "status": "affected"}, {"version": "11.0.1", "status": "affected"}, {"version": "11.0.1 MSR1-1", "status": "affected"}, {"version": "11.0.2", "status": "affected"}, {"version": "11.1.1", "status": "affected"}, {"version": "11.1.1 MSR1-1", "status": "affected"}, {"version": "11.1.1 MSR2-1", "status": "affected"}, {"version": "11.1.2", "status": "affected"}, {"version": "11.1.2 MSR1-1", "status": "affected"}, {"version": "11.1.2 MSR3-1", "status": "affected"}, {"version": "11.2.1", "status": "affected"}, {"version": "11.2.2", "status": "affected"}, {"version": "11.2.3", "status": "affected"}, {"version": "11.2.3 MSR1-1", "status": "affected"}, {"version": "11.2.4", "status": "affected"}, {"version": "11.3.1", "status": "affected"}, {"version": "11.3.1 MSR1-3", "status": "affected"}, {"version": "4.5", "status": "affected"}, {"version": "4.6 MSR1", "status": "affected"}, {"version": "4.7.1", "status": "affected"}, {"version": "4.8.1", "status": "affected"}, {"version": "4.8.1 SR1", "status": "affected"}, {"version": "5.0.1", "status": "affected"}, {"version": "12.0.1", "status": "affected"}, {"version": "12.0.2", "status": "affected"}, {"version": "12.0.3", "status": "affected"}, {"version": "12.0.3SR1", "status": "affected"}, {"version": "12.0.4", "status": "affected"}, {"version": "5.1.1", "status": "affected"}, {"version": "5.1.2", "status": "affected"}, {"version": "5.1(2)SR1", "status": "affected"}]}, {"vendor": "Cisco", "product": "Cisco PhoneOS", "versions": [{"version": "1.0.1", "status": "affected"}, {"version": "2.1.1", "status": "affected"}, {"version": "2.0.1", "status": "affected"}, {"version": "2.3.1", "status": "affected"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "type": "cwe", "cweId": "CWE-787"}]}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS", "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS"}], "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "source": {"advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS", "discovery": "EXTERNAL", "defects": ["CSCwi64082", "CSCwi64064"]}}, "adp": [{"affected": [{"vendor": "cisco", "product": "ip_phone_6871_with_multiplatform_firmware", "cpes": ["cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "12.0.4", "versionType": "custom"}]}, {"vendor": "cisco", "product": "ip_phone_6821_with_multiplatform_firmware", "cpes": ["cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "12.0.4", "versionType": "custom"}]}, {"vendor": "cisco", "product": "ip_phone_6851_with_multiplatform_firmware", "cpes": ["cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "12.0.4", "versionType": "custom"}]}, {"vendor": "cisco", "product": "ip_phone_7821_with_multiplatform_firmware", "cpes": ["cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "12.0.4", "versionType": "custom"}]}, {"vendor": "cisco", "product": "ip_phone_6861_with_multiplatform_firmware", "cpes": ["cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "12.0.4", "versionType": "custom"}]}, {"vendor": "cisco", "product": "ip_phone_6825_with_multiplatform_firmware", "cpes": ["cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "12.0.4", "versionType": "custom"}]}, {"vendor": "cisco", "product": "ip_phone_6841_with_multiplatform_firmware", "cpes": ["cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "12.0.4", "versionType": "custom"}]}, {"vendor": "cisco", "product": "ip_phone_7811_with_multiplatform_firmware", "cpes": ["cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "12.0.4", "versionType": "custom"}]}, {"vendor": "cisco", "product": "ip_phone_7841_with_multiplatform_firmware", "cpes": ["cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "12.0.4", "versionType": "custom"}]}, {"vendor": "cisco", "product": "ip_phone_7861_with_multiplatform_firmware", "cpes": ["cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "12.0.4", "versionType": "custom"}]}, {"vendor": "cisco", "product": "ip_phone_8800_series_with_multiplatform_firmware", "cpes": ["cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "12.0.4", "versionType": "custom"}]}, {"vendor": "cisco", "product": "video_phone_8875_firmware", "cpes": ["cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "12.0.4", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-01T20:55:26.843678Z", "id": "CVE-2024-20357", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-06T13:45:13.942Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:42.103Z"}, "title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS", "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS", "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:59:42.103Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-20357", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-01T20:55:26.843678Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:cisco:ip_phone_6871_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "ip_phone_6871_with_multiplatform_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.0.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:ip_phone_6821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "ip_phone_6821_with_multiplatform_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.0.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:ip_phone_6851_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "ip_phone_6851_with_multiplatform_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.0.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "ip_phone_7821_with_multiplatform_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.0.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:ip_phone_6861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "ip_phone_6861_with_multiplatform_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.0.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:ip_phone_6825_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "ip_phone_6825_with_multiplatform_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.0.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:ip_phone_6841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "ip_phone_6841_with_multiplatform_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.0.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "ip_phone_7811_with_multiplatform_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.0.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "ip_phone_7841_with_multiplatform_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.0.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "ip_phone_7861_with_multiplatform_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.0.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:cisco:ip_phone_8800_series_with_multiplatform_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "ip_phone_8800_series_with_multiplatform_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.0.4"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*"], "vendor": "cisco", "product": "video_phone_8875_firmware", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "12.0.4"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-01T20:57:34.467Z"}}], "cna": {"source": {"defects": ["CSCwi64082", "CSCwi64064"], "advisory": "cisco-sa-ipphone-multi-vulns-cXAhCvS", "discovery": "EXTERNAL"}, "metrics": [{"format": "cvssV3_1", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "Cisco", "product": "Cisco IP Phones with Multiplatform Firmware", "versions": [{"status": "affected", "version": "11.3.1 MSR2-6"}, {"status": "affected", "version": "11.3.1 MSR3-3"}, {"status": "affected", "version": "11.3.2"}, {"status": "affected", "version": "11.3.3"}, {"status": "affected", "version": "11.3.1 MSR4-1"}, {"status": "affected", "version": "11.3.4"}, {"status": "affected", "version": "11.3.5"}, {"status": "affected", "version": "11.3.3 MSR2"}, {"status": "affected", "version": "11.3.3 MSR1"}, {"status": "affected", "version": "11.3.6"}, {"status": "affected", "version": "11-3-1MPPSR4UPG"}, {"status": "affected", "version": "11.3.7"}, {"status": "affected", "version": "11-3-1MSR2UPG"}, {"status": "affected", "version": "11.3.6SR1"}, {"status": "affected", "version": "11.3.7SR1"}, {"status": "affected", "version": "11.3.7SR2"}, {"status": "affected", "version": "11.0.0"}, {"status": "affected", "version": "11.0.1"}, {"status": "affected", "version": "11.0.1 MSR1-1"}, {"status": "affected", "version": "11.0.2"}, {"status": "affected", "version": "11.1.1"}, {"status": "affected", "version": "11.1.1 MSR1-1"}, {"status": "affected", "version": "11.1.1 MSR2-1"}, {"status": "affected", "version": "11.1.2"}, {"status": "affected", "version": "11.1.2 MSR1-1"}, {"status": "affected", "version": "11.1.2 MSR3-1"}, {"status": "affected", "version": "11.2.1"}, {"status": "affected", "version": "11.2.2"}, {"status": "affected", "version": "11.2.3"}, {"status": "affected", "version": "11.2.3 MSR1-1"}, {"status": "affected", "version": "11.2.4"}, {"status": "affected", "version": "11.3.1"}, {"status": "affected", "version": "11.3.1 MSR1-3"}, {"status": "affected", "version": "4.5"}, {"status": "affected", "version": "4.6 MSR1"}, {"status": "affected", "version": "4.7.1"}, {"status": "affected", "version": "4.8.1"}, {"status": "affected", "version": "4.8.1 SR1"}, {"status": "affected", "version": "5.0.1"}, {"status": "affected", "version": "12.0.1"}, {"status": "affected", "version": "12.0.2"}, {"status": "affected", "version": "12.0.3"}, {"status": "affected", "version": "12.0.3SR1"}, {"status": "affected", "version": "12.0.4"}, {"status": "affected", "version": "5.1.1"}, {"status": "affected", "version": "5.1.2"}, {"status": "affected", "version": "5.1(2)SR1"}]}, {"vendor": "Cisco", "product": "Cisco PhoneOS", "versions": [{"status": "affected", "version": "1.0.1"}, {"status": "affected", "version": "2.1.1"}, {"status": "affected", "version": "2.0.1"}, {"status": "affected", "version": "2.3.1"}]}], "exploits": [{"lang": "en", "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS", "name": "cisco-sa-ipphone-multi-vulns-cXAhCvS"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. \r\n\r This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "cwe", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2024-05-01T16:36:53.907Z"}}}, "cveMetadata": {"cveId": "CVE-2024-20357", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:59:42.103Z", "dateReserved": "2023-11-08T15:08:07.649Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2024-05-01T16:36:53.907Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}