May 28, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Severe GitLab Password Reset Vulnerability Actively Exploited
May 2, 2024
ZLoader Malware Upgrades Using Anti-Analysis Technique from Zeus Banking Trojan – Active IOCs
May 2, 2024
Severe GitLab Password Reset Vulnerability Actively Exploited
May 2, 2024
ZLoader Malware Upgrades Using Anti-Analysis Technique from Zeus Banking Trojan – Active IOCs
May 2, 2024
Severity
High
Analysis Summary
CVE-2024-20376 CVSS:7.5
Cisco IP Phone is vulnerable to a denial of service, caused by improper validation of user-supplied input. By sending a specially crafted request to the web-based management interface, a remote attacker could exploit this vulnerability to cause the device to reload.
CVE-2024-20378 CVSS:7.5
Cisco IP Phone could allow a remote attacker to obtain sensitive information, caused by the lack of authentication for specific endpoints of the web-based management interface. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Denial of Service
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-20376
- CVE-2024-20378
Affected Vendors
Cisco
Affected Products
- Cisco IP Phone 6800 Series Phones with Multiplatform Firmware
- Cisco IP Phone 7800 Series Phones with Multiplatform Firmware
- Cisco IP Phone 8800 Series Phones with Multiplatform Firmware
- Cisco Video Phone 8875 in Multiplatform Mode
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.
