Unrated severityNVD Advisory· Published May 1, 2024· Updated Aug 1, 2024
CVE-2024-20357
CVE-2024-20357
Description
A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device. This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Cisco/Cisco IP Phones with Multiplatform Firmwarev5Range: 11.3.1 MSR2-6
- Range: 1.0.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.