Cisco IP Phones Vulnerability - 20240503002

Overview

Multiple vulnerabilities in Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition, gain unauthorized access, or view sensitive information on an affected system.

What is vulnerable?

CVE	Severity	CVSS	Product(s) Affected	Dated
CVE-2024-20376	High	7.5	IP Phone 6800, 7800, and 8800 Multiplatform Firmware versions 2.0.4 and earlier Video Phone 8875 version 2.3.1.001 and earlier	01/05/2024

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):

• Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Vulnerabilities

Additional References

• https://www.tenable.com/cve/CVE-2024-20376