VDB
CVE-2024-20445
CVE-2024-20445
PUBLISHED
Es besteht eine Schwachstelle in Cisco IP Phone. Dieser Fehler existiert wegen der unsachgemäßen Speicherung sensibler Informationen innerhalb der Web-UI von SIP-basierten Telefonen. Ein anonymer Angreifer kann diese Schwachstelle ausnutzen, um vertrauliche Informationen offenzulegen, indem er die IP-Adresse eines Geräts aufruft, auf dem Web Access aktiviert ist.
EPSS 0.90% · 76.0th percentile
Risk Scores
EPSS Score
0.90%
76.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco IP Phone Video Phone 8875 <3.2(1) | |
| Cisco | Cisco IP Phone Desk Phone 9800 Series <3.2(1) | |
| Cisco | Cisco IP Phone IP Phone 7800 and 8800 Series <14.3(1) | |
| Cisco | Cisco IP Phone IP Phone 6800, 7800, and 8800 SeriesSeries <12.0.6 |
Exploit Intelligence
- CIRCL seen: CVE-2024-20445 (circl-sighting)
- CIRCL seen: CVE-2024-20445 (circl-sighting)
- CIRCL seen: CVE-2024-20445 (circl-sighting)
- CIRCL seen: CVE-2024-20445 (circl-sighting)
- cisco-sa-phone-infodisc-sbyqQVbG (circl)
Timeline
- Nov 6, 2024 Coalition ESS Score
- Nov 6, 2024 CVE Published
- Nov 6, 2024 PoC Published
- Nov 6, 2024 CVE Updated
- Nov 7, 2024 EPSS Score
- Nov 7, 2024 PoC Published
- Nov 7, 2024 PoC Published
- Nov 7, 2024 PoC Published
- Nov 25, 2024 EPSS Score
- Dec 14, 2024 EPSS Score
- Jan 1, 2025 EPSS Score
- Jan 18, 2025 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3360.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3360 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG advisory