PT-2024-3514 · Cisco · Cisco IP Phone 7800 +3

Andras Kosztyu +3 · Published 2024-05-01 · Updated 2026-01-05 · CVE-2024-20378

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco IP Phone 6800 versions (affected versions not specified)
Cisco IP Phone 7800 versions (affected versions not specified)
Cisco IP Phone 8800 versions (affected versions not specified)
Cisco Video Phone 8875 versions (affected versions not specified)

Description

The issue is related to a lack of authentication for specific endpoints of the web-based management interface on affected devices, allowing an unauthenticated, remote attacker to retrieve sensitive information. A successful exploit could enable the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.

Recommendations

For Cisco IP Phone 6800, update the firmware to a version that includes a fix for this issue.
For Cisco IP Phone 7800, update the firmware to a version that includes a fix for this issue.
For Cisco IP Phone 8800, update the firmware to a version that includes a fix for this issue.
For Cisco Video Phone 8875, update the firmware to a version that includes a fix for this issue.
As a temporary workaround, consider restricting access to the web-based management interface to minimize the risk of exploitation.

Related Identifiers

BDU:2024-03816
CVE-2024-20378

Affected Products

Cisco IP Phone 6800
Cisco IP Phone 7800
Cisco IP Phone 8800
Cisco Video Phone 8875