CVE-2024-20378 - Vulnerability Details

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.

This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00797.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Cisco

Cisco IP Phones with Multiplatform Firmware

affected

Version	Status	Constraints
`11.3.1 MSR2-6`	affected	—
`11.3.1 MSR3-3`	affected	—
`11.3.2`	affected	—
`11.3.3`	affected	—
`11.3.1 MSR4-1`	affected	—
`11.3.4`	affected	—
`11.3.5`	affected	—
`11.3.3 MSR2`	affected	—
`11.3.3 MSR1`	affected	—
`11.3.6`	affected	—
`11-3-1MPPSR4UPG`	affected	—
`11.3.7`	affected	—
`11-3-1MSR2UPG`	affected	—
`11.3.6SR1`	affected	—
`11.3.7SR1`	affected	—
`11.3.7SR2`	affected	—
`11.0.0`	affected	—
`11.0.1`	affected	—
`11.0.1 MSR1-1`	affected	—
`11.0.2`	affected	—
`11.1.1`	affected	—
`11.1.1 MSR1-1`	affected	—
`11.1.1 MSR2-1`	affected	—
`11.1.2`	affected	—
`11.1.2 MSR1-1`	affected	—
`11.1.2 MSR3-1`	affected	—
`11.2.1`	affected	—
`11.2.2`	affected	—
`11.2.3`	affected	—
`11.2.3 MSR1-1`	affected	—
`11.2.4`	affected	—
`11.3.1`	affected	—
`11.3.1 MSR1-3`	affected	—
`4.5`	affected	—
`4.6 MSR1`	affected	—
`4.7.1`	affected	—
`4.8.1`	affected	—
`4.8.1 SR1`	affected	—
`5.0.1`	affected	—
`12.0.1`	affected	—
`12.0.2`	affected	—
`12.0.3`	affected	—
`12.0.3SR1`	affected	—
`12.0.4`	affected	—
`5.1.1`	affected	—
`5.1.2`	affected	—
`5.1(2)SR1`	affected	—

Cisco

Cisco PhoneOS

affected

Version	Status	Constraints
`1.0.1`	affected	—
`2.1.1`	affected	—
`2.0.1`	affected	—
`2.3.1`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_8851nr_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_8851nr_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_8851nr:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

OR	cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware::::::::
	cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:12.0.4:-::::::

cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:cisco:video_phone_8875_with_multiplatform_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Cisco Subscribe	Ip Phone 6821 Subscribe Ip Phone 6821 With Multiplatform Firmware Subscribe Ip Phone 6841 Subscribe Ip Phone 6841 With Multiplatform Firmware Subscribe Ip Phone 6851 Subscribe Ip Phone 6851 With Multiplatform Firmware Subscribe Ip Phone 6861 Subscribe Ip Phone 6861 With Multiplatform Firmware Subscribe Ip Phone 6871 Subscribe Ip Phone 6871 With Multiplatform Firmware Subscribe Ip Phone 7811 Subscribe Ip Phone 7811 With Multiplatform Firmware Subscribe Ip Phone 7821 Subscribe Ip Phone 7821 With Multiplatform Firmware Subscribe Ip Phone 7841 Subscribe Ip Phone 7841 With Multiplatform Firmware Subscribe Ip Phone 7861 Subscribe Ip Phone 7861 With Multiplatform Firmware Subscribe Ip Phone 8811 Subscribe Ip Phone 8811 With Multiplatform Firmware Subscribe Ip Phone 8841 Subscribe Ip Phone 8841 With Multiplatform Firmware Subscribe Ip Phone 8851 Subscribe Ip Phone 8851 With Multiplatform Firmware Subscribe Ip Phone 8851nr Subscribe Ip Phone 8851nr With Multiplatform Firmware Subscribe Ip Phone 8861 Subscribe Ip Phone 8861 With Multiplatform Firmware Subscribe Video Phone 8875 Subscribe Video Phone 8875 With Multiplatform Firmware Subscribe

Advisories

Source	ID	Title
EUVD	EUVD-2024-18093	A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS

History

Mon, 05 Jan 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cisco Cisco ip Phone 6821 Cisco ip Phone 6821 With Multiplatform Firmware Cisco ip Phone 6841 Cisco ip Phone 6841 With Multiplatform Firmware Cisco ip Phone 6851 Cisco ip Phone 6851 With Multiplatform Firmware Cisco ip Phone 6861 Cisco ip Phone 6861 With Multiplatform Firmware Cisco ip Phone 6871 Cisco ip Phone 6871 With Multiplatform Firmware Cisco ip Phone 7811 Cisco ip Phone 7811 With Multiplatform Firmware Cisco ip Phone 7821 Cisco ip Phone 7821 With Multiplatform Firmware Cisco ip Phone 7841 Cisco ip Phone 7841 With Multiplatform Firmware Cisco ip Phone 7861 Cisco ip Phone 7861 With Multiplatform Firmware Cisco ip Phone 8811 Cisco ip Phone 8811 With Multiplatform Firmware Cisco ip Phone 8841 Cisco ip Phone 8841 With Multiplatform Firmware Cisco ip Phone 8851 Cisco ip Phone 8851 With Multiplatform Firmware Cisco ip Phone 8851nr Cisco ip Phone 8851nr With Multiplatform Firmware Cisco ip Phone 8861 Cisco ip Phone 8861 With Multiplatform Firmware Cisco video Phone 8875 Cisco video Phone 8875 With Multiplatform Firmware
CPEs		cpe:2.3:h:cisco:ip_phone_6821:-:::::::* cpe:2.3:h:cisco:ip_phone_6841:-:::::::* cpe:2.3:h:cisco:ip_phone_6851:-:::::::* cpe:2.3:h:cisco:ip_phone_6861:-:::::::* cpe:2.3:h:cisco:ip_phone_6871:-:::::::* cpe:2.3:h:cisco:ip_phone_7811:-:::::::* cpe:2.3:h:cisco:ip_phone_7821:-:::::::* cpe:2.3:h:cisco:ip_phone_7841:-:::::::* cpe:2.3:h:cisco:ip_phone_7861:-:::::::* cpe:2.3:h:cisco:ip_phone_8811:-:::::::* cpe:2.3:h:cisco:ip_phone_8841:-:::::::* cpe:2.3:h:cisco:ip_phone_8851:-:::::::* cpe:2.3:h:cisco:ip_phone_8851nr:-:::::::* cpe:2.3:h:cisco:ip_phone_8861:-:::::::* cpe:2.3:h:cisco:video_phone_8875:-:::::::* cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_6821_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_6841_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_6851_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_6861_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_6871_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:ip_phone_8851nr_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_8851nr_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:::::::: cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:12.0.4:-:::::: cpe:2.3:o:cisco:video_phone_8875_with_multiplatform_firmware::::::::
Vendors & Products		Cisco Cisco ip Phone 6821 Cisco ip Phone 6821 With Multiplatform Firmware Cisco ip Phone 6841 Cisco ip Phone 6841 With Multiplatform Firmware Cisco ip Phone 6851 Cisco ip Phone 6851 With Multiplatform Firmware Cisco ip Phone 6861 Cisco ip Phone 6861 With Multiplatform Firmware Cisco ip Phone 6871 Cisco ip Phone 6871 With Multiplatform Firmware Cisco ip Phone 7811 Cisco ip Phone 7811 With Multiplatform Firmware Cisco ip Phone 7821 Cisco ip Phone 7821 With Multiplatform Firmware Cisco ip Phone 7841 Cisco ip Phone 7841 With Multiplatform Firmware Cisco ip Phone 7861 Cisco ip Phone 7861 With Multiplatform Firmware Cisco ip Phone 8811 Cisco ip Phone 8811 With Multiplatform Firmware Cisco ip Phone 8841 Cisco ip Phone 8841 With Multiplatform Firmware Cisco ip Phone 8851 Cisco ip Phone 8851 With Multiplatform Firmware Cisco ip Phone 8851nr Cisco ip Phone 8851nr With Multiplatform Firmware Cisco ip Phone 8861 Cisco ip Phone 8861 With Multiplatform Firmware Cisco video Phone 8875 Cisco video Phone 8875 With Multiplatform Firmware

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2024-05-01T16:41:52.385Z

Updated: 2024-08-01T21:59:42.451Z

Reserved: 2023-11-08T15:08:07.655Z

Link: CVE-2024-20378

Vulnrichment

Updated: 2024-08-01T21:59:42.451Z

NVD

Status : Analyzed

Published: 2024-05-01T17:15:28.660

Modified: 2026-01-05T14:58:02.673

Link: CVE-2024-20378

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-305

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object