March 10, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Emails from Reliable Sources Being Spoofed by North Korean Kimsuky APT
May 7, 2024Critical Tinyproxy Vulnerability Allows Remote Code Execution on Almost 50,000 Hosts
May 7, 2024Emails from Reliable Sources Being Spoofed by North Korean Kimsuky APT
May 7, 2024Critical Tinyproxy Vulnerability Allows Remote Code Execution on Almost 50,000 Hosts
May 7, 2024
Severity
Medium
Analysis Summary
CVE-2024-20357
Cisco IP Phone could allow a remote attacker to bypass security restrictions, caused by improper bounds-checking while parsing XML requests. By sending a specially crafted XML request, an attacker could exploit this vulnerability to initiate calls or play sounds on the device.
Impact
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-20357
Affected Vendors
Cisco
Affected Products
- Cisco IP Phone 6800 Series Phones with Multiplatform Firmware
- Cisco IP Phone 7800 Series Phones with Multiplatform Firmware
- Cisco IP Phone 8800 Series Phones with Multiplatform Firmware
- Cisco Video Phone 8875 in Multiplatform Mode
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.