CVE-2020-3111

HIGH

Description

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

References

http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos

Details

Source: MITRE

Published: 2020-02-05

Updated: 2020-02-07

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 8.3

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 6.5

Severity: HIGH

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:o:cisco:ip_phone_6821_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:o:cisco:ip_phone_6841_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*

Configuration 5

AND

OR

cpe:2.3:o:cisco:ip_phone_6851_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*

Configuration 6

AND

OR

cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*

Configuration 7

AND

OR

cpe:2.3:o:cisco:ip_phone_6871_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*

Configuration 8

AND

OR

cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*

Configuration 9

AND

OR

cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*

Configuration 10

AND

OR

cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*

Configuration 11

AND

OR

cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*

Configuration 12

AND

OR

cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*

Configuration 13

AND

OR

cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*

Configuration 14

AND

OR

cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*

Configuration 15

AND

OR

cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*

Configuration 16

AND

OR

cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*

Configuration 17

AND

OR

cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*

cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

Configuration 18

AND

OR

cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:unified_ip_conference_phone_8831:-:*:*:*:*:*:*:*

Configuration 19

AND

OR

cpe:2.3:o:cisco:unified_ip_conference_phone_8831_for_third-party_call_control_firmware:-:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:unified_ip_conference_phone_8831_for_third-party_call_control:-:*:*:*:*:*:*:*

Configuration 20

AND

OR

cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*

Configuration 21

AND

OR

cpe:2.3:o:cisco:wireless_ip_phone_8821-ex_firmware:*:*:*:*:*:*:*:*

OR

cpe:2.3:h:cisco:wireless_ip_phone_8821-ex:-:*:*:*:*:*:*:*

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
142018Cisco IP Phones Web Server RCE and DOS (cisco-sa-20200205-voip-phones-rce-dos)NessusCISCO
high