CVE-2024-20445

{"id": "CVE-2024-20445", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-11-06T17:15:14.830", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG", "tags": ["Vendor Advisory"], "source": "psirt@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.\r\nNote: Web Access is disabled by default."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de usuario web de los tel\u00e9fonos de escritorio Cisco de la serie 9800, los tel\u00e9fonos IP de la serie 7800 y 8800 de Cisco y el tel\u00e9fono con video Cisco 8875 podr\u00eda permitir que un atacante remoto no autenticado acceda a informaci\u00f3n confidencial en un dispositivo afectado. Esta vulnerabilidad se debe al almacenamiento inadecuado de informaci\u00f3n confidencial dentro de la interfaz de usuario web de las cargas de tel\u00e9fonos basadas en el protocolo de inicio de sesi\u00f3n (SIP). Un atacante podr\u00eda aprovechar esta vulnerabilidad navegando hasta la direcci\u00f3n IP de un dispositivo que tenga habilitado el acceso web. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante acceder a informaci\u00f3n confidencial, incluidos los registros de llamadas entrantes y salientes. Nota: el acceso web est\u00e1 deshabilitado de forma predeterminada."}], "lastModified": "2026-01-05T14:57:31.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:desk_phone_9841_firmware:3.1\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B9A280D-810C-4EC8-BB95-CBD973110119"}, {"criteria": "cpe:2.3:o:cisco:desk_phone_9841_firmware:3.1\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BF40685-7470-42B3-BA19-9E5E76853E24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:desk_phone_9841:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8176E19D-B625-4891-9018-F42228F1266B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:desk_phone_9851_firmware:3.1\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC1BAF58-DF67-431A-B5C6-B49D3F36058A"}, {"criteria": "cpe:2.3:o:cisco:desk_phone_9851_firmware:3.1\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8E088EE-4F58-4FE4-BE3F-BA98DEADD9CC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:desk_phone_9851:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "713F43A6-745A-4DAB-AD2D-3139E9E5C1A0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:desk_phone_9861_firmware:3.1\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02ACF18D-978D-442C-A374-EEE596958199"}, {"criteria": "cpe:2.3:o:cisco:desk_phone_9861_firmware:3.1\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C927E10-6C67-4D51-8520-8373289BCCF3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:desk_phone_9861:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8D01D5F-4EAE-4547-AB41-44F7885491C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:desk_phone_9871_firmware:3.1\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B184E05F-7160-4B31-9ABD-612E56077869"}, {"criteria": "cpe:2.3:o:cisco:desk_phone_9871_firmware:3.1\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FBDDB5F-78B3-4AF7-A42A-423B1107EE5C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:desk_phone_9871:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D14CF47-7581-40E5-91A1-AC6BB5137358"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB40CA0C-A980-476E-BFD5-2DE8A11CC89E", "versionEndExcluding": "14.3\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6592E7FE-346E-4923-97C2-F5298DC802A3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8831_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19D86855-2FE2-4BC0-AD23-42F459E9AE2A", "versionEndExcluding": "14.3\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_conference_phone_8831:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "71D931AB-034B-4061-9156-039010ECB648"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACBAA5BB-BF05-4FDE-B719-BF527F584608", "versionEndExcluding": "14.3\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F1010D16-DC6E-47A6-8BF9-C1026D975E3D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C71D54E-2D4A-4AA7-8E93-33214794B0B2", "versionEndExcluding": "14.3\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D27D332-69A3-4CFF-AE61-AAA6B31FAFC1", "versionEndExcluding": "14.3\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2072265-6A36-4DB7-8722-C288AFA695FB", "versionEndExcluding": "14.3\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D70C616-D775-41EB-BC7D-113F817B22EA", "versionEndExcluding": "14.3\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "371ABCD4-DF50-4815-B02C-38D0505874FD", "versionEndExcluding": "14.3\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0C291D5-EEF2-4CEF-9C2D-E4F067AEE5A5", "versionEndExcluding": "14.3\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50A18EDF-71F8-4B26-B5E7-1742831695E4", "versionEndExcluding": "14.3\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C56F335-2124-4806-8F30-9C67367BB44D", "versionEndExcluding": "14.3\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8851nr_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D47B048-D47B-45E1-BD25-C19A6B7CC55A", "versionEndExcluding": "14.3\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8851nr:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "23BB2274-7668-4B80-9FF2-EC724C44685B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "196320B1-DC92-4D24-A34F-C1287B8382BE", "versionEndExcluding": "14.3\\(1\\)"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C76337A0-E138-4227-A0F1-9CF635EECC14", "versionEndExcluding": "2.3\\(1\\)"}, {"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41019D10-27B9-4DA6-9DF3-780D0A7EE75C"}, {"criteria": "cpe:2.3:o:cisco:video_phone_8875_firmware:2.3\\(1\\):sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "690E8866-FF2F-4C72-8510-1E587B535A42"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:video_phone_8875:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CC9019DD-6941-42F3-8B66-1F3CDDDA86E7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@cisco.com"}