Vulnslist


Cisco 7800, 8800, and 9800 Series Phones Information Disclosure Vulnerability

cisco-sa-phone-infodisc-sbyqQVbG · Medium · Published · Updated

A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.

This vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.

Note: Web Access is disabled by default.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG

Workarounds

There are no workarounds that address this vulnerability.

CVEs: CVE-2024-20445
Cisco Bug IDs: CSCwk25862, CSCwk25869, CSCwk25863, CSCwk32410
CVSS Score: Base 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X)
Product Names From Source: Cisco Session Initiation Protocol (SIP) Software

CSAF Product Statuses

Product | Status | Source | CVE | Rows
Cisco Session Initiation Protocol (SIP) Software | known_affected | cisco_csaf | CVE-2024-20445 | 1

Related Products

Product | CVE | Evidence
Cisco IP phone | CVE-2024-20445 | Cisco OpenVuln
Cisco Session Initiation Protocol (SIP) Software | CVE-2024-20445 | Cisco CSAF
Cisco 8000 Series Routers | CVE-2024-20445 | Cisco OpenVuln