CVE-2020-3161
CVSS score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD
Description
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
Affected (31)
Products: Cisco: Ip Phone 8865 Firmware, Ip Phone 8851 Firmware, Ip Phone 7841 Firmware, Ip Phone 7821 Firmware, Ip Phone 8811 Firmware, Ip Phone 8861 Firmware, Ip Phone 8845 Firmware, Ip Phone 7861 Firmware, Ip Phone 8841 Firmware, Ip Phone 7811 Firmware, Ip Phone 8821 Firmware, Ip Phone 8821 Ex Firmware, 8831 Firmware
| Configuration | Vulnerable Software: Affected Versions | Running on/with | Platform Versions |
|---|---|---|---|
| A | Version 10.3(1)es14 | Cisco Ip Phone 8865 | All versions |
| B | Version 10.3(1)es14 | Cisco Ip Phone 8851 | All versions |
| C | Version 11.0(1) | Cisco Ip Phone 7841 | All versions |
| D | Version 11.0(1) | Cisco Ip Phone 7821 | All versions |
| E | Version 10.3(1)es14 | Cisco Ip Phone 8811 | All versions |
| F | Version 10.3(1)es14 | Cisco Ip Phone 8861 | All versions |
| G | Version 10.3(1)es14 | Cisco Ip Phone 8845 | All versions |
| H | Version 11.0(1) | Cisco Ip Phone 7861 | All versions |
| I | Version 10.3(1)es14 | Cisco Ip Phone 8841 | All versions |
| J | Version 11.0(1) | Cisco Ip Phone 7811 | All versions |
| K | Version 10.3(1)es14 | Cisco Ip Phone 8821 | All versions |
| L | Version 10.3(1)es14 | Cisco Ip Phone 8821 Ex | All versions |
| M | Version 10.3(1)es14 | Cisco 8831 | All versions |
References (5)
Source: psirt@cisco.com
Exploit, Third Party Advisory, VDB Entry
Source: psirt@cisco.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit, Third Party Advisory, VDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource