CVE-2024-20445

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 6, 2024
CWE ID 200

Summary

CVE-2024-20445 is a vulnerability impacting the web UI of Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875. It allows unauthenticated, remote attackers to access sensitive information, such as call records, due to improper storage of such data within the SIP-based phones' web interfaces. An attacker can exploit this issue by navigating to an affected device's IP address with Web Access enabled. Notably, Web Access is disabled by default.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Video Phone 8875

Affected Vendors

  • Cisco Systems Inc