XSS in Cisco IP Phones With Multiplatform Firmware
CVE-2024-20533
A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-s…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.002 (38.7th percentile).
CVSS v3 metric
CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Cisco IP Phones With Multiplatform Firmware — versions 11.1.2, 11.2.1, 11.2.3
- Cisco Session Initiation Protocol (SIP) Software — versions 3.1(1), 3.0(1), 3.1(1)SR1
Frequently asked questions
- What is CVE-2024-20533?
- CVE-2024-20533 is a medium-severity vulnerability in Cisco IP Phones With Multiplatform Firmware, classified under Cross-site Scripting. CVSS score: 4.8/10. Published 2024-11-06.
- How severe is CVE-2024-20533?
- Medium severity. CVSS v3 base score is 4.8 out of 10.
- Is CVE-2024-20533 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.