CVE-2024-20357

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Published May 1, 2024

CWE ID 787

Summary

CVE-2024-20357 is a vulnerability affecting the XML service of Cisco IP Phone firmware. This issue allows unauthenticated, remote attackers to initiate phone calls on impacted devices. The root cause is insufficient bounds-checking during XML request parsing. An adversary can exploit this flaw by transmitting maliciously crafted XML packets to the target device, potentially leading to the execution of unwanted calls or the playing of unwanted sounds.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vti2yi
https://www.cve.org/CVERecord?id=CVE-2024-20357
https://nvd.nist.gov/vuln/detail/CVE-2024-20357

Back to Vulnerability Database

CVE-2024-20357

CVSS 3.1 Score 5.9 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations