Severity
Medium
Analysis Summary
CVE-2024-20357
Cisco IP Phone could allow a remote attacker to bypass security restrictions, caused by improper bounds-checking while parsing XML requests. By sending a specially crafted XML request, an attacker could exploit this vulnerability to initiate calls or play sounds on the device.
Impact
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-20357
Affected Vendors
Cisco
Affected Products
- Cisco IP Phone 6800 Series Phones with Multiplatform Firmware
- Cisco IP Phone 7800 Series Phones with Multiplatform Firmware
- Cisco IP Phone 8800 Series Phones with Multiplatform Firmware
- Cisco Video Phone 8875 in Multiplatform Mode
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.