cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-20376,https://securityvulnerability.io/vulnerability/CVE-2024-20376,Cisco IP Phone Firmware Vulnerability Could Lead to DoS Condition,"A vulnerability has been identified in the web-based management interface of Cisco IP Phone firmware that exposes devices to potential denial of service attacks. Due to inadequate validation of user-supplied input, an unauthenticated remote attacker may craft a malicious request targeting the interface of the affected devices. If successfully executed, the attack could lead to the affected device reloading, consequently disrupting service and impacting availability. The issue underscores the necessity for robust input validation mechanisms within management interfaces to prevent unauthorized disruptions.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Phoneos",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-01T16:43:15.553Z,0
CVE-2024-20378,https://securityvulnerability.io/vulnerability/CVE-2024-20378,Unauthorized Access to Sensitive Information in Cisco IP Phone Firmware,"A security flaw exists in the web-based management interface of Cisco IP Phone firmware that could enable remote attackers to gain unauthorized access to sensitive information stored on affected devices. The issue stems from inadequate authentication controls for specific endpoints, allowing attackers to connect without prior credentials. Once exploited, this vulnerability permits attackers to capture user credentials and intercept traffic, including VoIP calls, leading to potential replay attacks and data breaches. Organizations utilizing Cisco IP Phones should prioritize applying security patches and implementing additional security measures to mitigate risks associated with this vulnerability.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Phoneos",7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-01T16:41:52.385Z,0
CVE-2024-20357,https://securityvulnerability.io/vulnerability/CVE-2024-20357,Unauthenticated Remote Attacker Could Initiate Calls on Affected Devices via XML Service Vulnerability,"A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.",Cisco,"Cisco Ip Phones With Multiplatform Firmware,Cisco Phoneos",5.9,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-01T16:36:53.907Z,0
CVE-2023-20221,https://securityvulnerability.io/vulnerability/CVE-2023-20221,Cross-Site Request Forgery in Cisco IP Phone Series Management Interface,"A vulnerability in the web-based management interface of Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware allows an unauthenticated, remote attacker to execute cross-site request forgery (CSRF) attacks. This issue arises from insufficient CSRF protections within the interface. An attacker could exploit this vulnerability by tricking an authenticated user into clicking a specially crafted link, potentially leading to unauthorized actions such as a factory reset of the device. Such an exploit could cause a Denial of Service (DoS) condition, disrupting normal operations.",Cisco,"Cisco IP Phones with Multiplatform Firmware,Cisco PhoneOS",6.5,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2023-08-16T22:15:00.000Z,0