CVE-2024-20533
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Summary
CVE-2024-20533 is a stored cross-site scripting (XSS) vulnerability affecting the web UI of Cisco Desk Phone 9800 Series, IP Phone 6800, 7800, and 8800 Series, and Video Phone 8875 with Cisco Multiplatform Firmware. An authenticated, remote attacker can exploit this vulnerability by injecting malicious code into specific pages of the interface, allowing them to execute arbitrary script code or access sensitive browser-based information. This vulnerability arises from the web UI of affected devices failing to validate user-supplied input properly. To exploit this issue, Web Access must be enabled on the phone, and the attacker requires Admin credentials. By default, Web Access is disabled.
Affected Products
- Video Phone 8875
Affected Vendors
- Cisco Systems Inc