How severe is CVE-2024-20378?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-20378?

This is classified as CWE-305, which is a common weakness in software security.

CVE-2024-20378 - HIGH Severity | CVSS 7.5

Vulnerability Description

A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device. This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed.

Related Vulnerabilities

CVE-2020-11012

HIGH

CVSS:7.5(High)

MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authentication bypass issue in the MinIO admin API. Given an admin access key, it is possible to perform admin API operations i.e. creating n...

CWE-3052020

CVE-2020-15078

HIGH

CVSS:7.5(High)

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potential...

CWE-3052020

CVE-2021-43175

HIGH

CVSS:7.5(High)

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API ...

CWE-3052021

CVE-2023-2959

HIGH

CVSS:7.5(High)

Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.This issue affects Oliva Expertise EKS: before 1.2.

CWE-3052023

CVE-2023-4727

HIGH

CVSS:7.5(High)

A flaw was found in dogtag-pki and pki-core. The token authentication scheme can be bypassed with a LDAP injection. By passing the query string parameter sessionID=*, an attacker can authenticate with...

CWE-3052023

CVE-2024-5957

HIGH

CVSS:7.5(High)

This vulnerability allows unauthenticated remote attackers to bypass authentication and gain APIs access of the Manager.

CWE-3052024