CVE-2024-20534
Last modified
CVE-2024-20534 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users. This vulnerability exists because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users. This vulnerability exists because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Note: To exploit this vulnerability, Web Access must be enabled on the phone and the attacker must have Admin credentials on the device. Web Access is disabled by default.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Cisco | Desk Phone 9841 With Multiplatform Firmware | 3.1\(1\) | — |
| Cisco | Desk Phone 9851 With Multiplatform Firmware | 3.1\(1\) | — |
| Cisco | Desk Phone 9861 With Multiplatform Firmware | 3.1\(1\) | — |
| Cisco | Desk Phone 9871 With Multiplatform Firmware | 3.1\(1\) | — |
| Cisco | Ip Phone 6821 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 6841 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 6851 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 6861 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 6871 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 7811 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 7821 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 7832 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 7841 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 7861 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 8811 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 8832 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 8841 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 8845 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 8851 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 8861 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Ip Phone 8865 With Multiplatform Firmware | 12.0\(5\) | Sr1 |
| Cisco | Video Phone 8875 With Multiplatform Firmware | < 2.3\(1\) | — |
| Cisco | Video Phone 8875 With Multiplatform Firmware | 2.3\(1\) | — |
| Cisco | Ip Phone 8831 With Multiplatform Firmware | All versions | — |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-20534?
How severe is CVE-2024-20534?
How do I fix CVE-2024-20534?
Are you affected by CVE-2024-20534?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST