Multiple vulnerabilities in Cisco IP Phone 6800, 7800 and 8800 Series with Multiplatform Firmware

1) XML External Entity injection

EUVDB-ID: #VU89097

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20357

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to initiate phone calls on the target device.

The vulnerability exists due to insufficient validation of user-supplied XML input. A remote attacker can pass a specially crafted XML code to the affected application and initiate calls or play sounds on the target device.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IP Phone 6800 Series with Multiplatform Firmware: 12.0.4

IP Phone 7800 Series with Multiplatform Firmware: 12.0.4

Cisco IP Phone 8800 Series with Multiplatform Firmware: 12.0.4

Video Phone 8875 in Multiplatform Mode: 2.3.1.001

External links

http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU89098

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20376

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the web-based management interface. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IP Phone 6800 Series with Multiplatform Firmware: 12.0.4

IP Phone 7800 Series with Multiplatform Firmware: 12.0.4

Cisco IP Phone 8800 Series with Multiplatform Firmware: 12.0.4

Video Phone 8875 in Multiplatform Mode: 2.3.1.001

External links

http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Authentication Bypass by Primary Weakness

EUVDB-ID: #VU89099

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-20378

CWE-ID: CWE-305 - Authentication Bypass by Primary Weakness

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a lack of authentication for specific endpoints of the web-based management interface. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

IP Phone 6800 Series with Multiplatform Firmware: 12.0.4

IP Phone 7800 Series with Multiplatform Firmware: 12.0.4

Cisco IP Phone 8800 Series with Multiplatform Firmware: 12.0.4

Video Phone 8875 in Multiplatform Mode: 2.3.1.001

External links

http://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-multi-vulns-cXAhCvS

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.