8.8
CVE-2020-3111
- EPSS 0.23%
- Published 05.02.2020 18:15:10
- Last modified 21.11.2024 05:30:20
- Source psirt@cisco.com
- Teams watchlist Login
- Open Login
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Data is provided by the National Vulnerability Database (NVD)
Cisco ≫ Ip Conference Phone 7832 Firmware Version < 12.7\(1\)
Cisco ≫ Ip Conference Phone 7832 With Multiplatform Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Conference Phone 8832 Firmware Version < 12.7\(1\)
Cisco ≫ Ip Conference Phone 8832 With Multiplatform Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 6821 Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 6841 Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 6851 Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 6861 Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 6871 Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 7811 Firmware Version < 12.7\(1\)
Cisco ≫ Ip Phone 7811 With Multiplatform Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 7821 Firmware Version < 12.7\(1\)
Cisco ≫ Ip Phone 7821 With Multiplatform Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 7841 Firmware Version < 12.7\(1\)
Cisco ≫ Ip Phone 7841 With Multiplatform Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 7861 Firmware Version < 12.7\(1\)
Cisco ≫ Ip Phone 7861 With Multiplatform Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 8811 Firmware Version < 12.7\(1\)
Cisco ≫ Ip Phone 8811 With Multiplatform Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 8841 Firmware Version < 12.7\(1\)
Cisco ≫ Ip Phone 8841 With Multiplatform Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 8851 Firmware Version < 12.7\(1\)
Cisco ≫ Ip Phone 8851 With Multiplatform Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 8861 Firmware Version < 12.7\(1\)
Cisco ≫ Ip Phone 8861 With Multiplatform Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 8845 Firmware Version < 12.7\(1\)
Cisco ≫ Ip Phone 8845 With Multiplatform Firmware Version < 11.3\(1\)sr1
Cisco ≫ Ip Phone 8865 Firmware Version < 12.7\(1\)
Cisco ≫ Ip Phone 8865 With Multiplatform Firmware Version < 11.3\(1\)sr1
Cisco ≫ Unified Ip Conference Phone 8831 Firmware Version < 10.3\(1\)sr6
Cisco ≫ Wireless Ip Phone 8821 Firmware Version < 11.0\(5\)sr2
Cisco ≫ Wireless Ip Phone 8821-ex Firmware Version < 11.0\(5\)sr2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.23% | 0.461 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 8.3 | 6.5 | 10 |
AV:A/AC:L/Au:N/C:C/I:C/A:C
|
| psirt@cisco.com | 8.8 | 2.8 | 5.9 |
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.