CVE-2020-3161critical
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
References
http://packetstormsecurity.com/files/157265/Cisco-IP-Phone-11.7-Denial-Of-Service.html
Details
Source: MITRE
Published: 2020-04-15
Updated: 2021-08-12
Type: CWE-20
Risk Information
CVSS v2
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
CVSS v3
Base Score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9
Severity: CRITICAL
Vulnerable Software
Configuration 1
AND
OR
cpe:2.3:o:cisco:ip_phone_8865_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8865_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8865_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
OR
Configuration 2
AND
OR
cpe:2.3:o:cisco:ip_phone_8851_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8851_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8851_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
OR
Configuration 3
AND
OR
cpe:2.3:o:cisco:ip_phone_7841_firmware:11.0\(1\):*:*:*:*:*:*:*
OR
Configuration 4
AND
OR
cpe:2.3:o:cisco:ip_phone_7821_firmware:11.0\(1\):*:*:*:*:*:*:*
OR
Configuration 5
AND
OR
cpe:2.3:o:cisco:ip_phone_8811_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8811_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8811_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
OR
Configuration 6
AND
OR
cpe:2.3:o:cisco:ip_phone_8861_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8861_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8861_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
OR
Configuration 7
AND
OR
cpe:2.3:o:cisco:ip_phone_8845_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8845_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8845_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
OR
Configuration 8
AND
OR
cpe:2.3:o:cisco:ip_phone_7861_firmware:11.0\(1\):*:*:*:*:*:*:*
OR
Configuration 9
AND
OR
cpe:2.3:o:cisco:ip_phone_8841_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8841_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8841_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
OR
Configuration 10
AND
OR
cpe:2.3:o:cisco:ip_phone_7811_firmware:11.0\(1\):*:*:*:*:*:*:*
OR
Configuration 11
AND
OR
cpe:2.3:o:cisco:ip_phone_8821_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
OR
Configuration 12
AND
OR
cpe:2.3:o:cisco:ip_phone_8821-ex_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821-ex_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821-ex_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
OR
Configuration 13
AND
OR
cpe:2.3:o:cisco:8831_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
OR