10
CVE-2020-3161
- EPSS 80.83%
- Veröffentlicht 15.04.2020 20:15:15
- Zuletzt bearbeitet 24.02.2025 16:14:27
- Quelle psirt@cisco.com
- Teams Watchlist Login
- Unerledigt Login
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Ip Phone 8865 Firmware Version10.3(1)es14
Cisco ≫ Ip Phone 8865 Firmware Version11.0(1)
Cisco ≫ Ip Phone 8865 Firmware Version11.0(5)sr1
Cisco ≫ Ip Phone 8851 Firmware Version10.3(1)es14
Cisco ≫ Ip Phone 8851 Firmware Version11.0(1)
Cisco ≫ Ip Phone 8851 Firmware Version11.0(5)sr1
Cisco ≫ Ip Phone 7841 Firmware Version11.0(1)
Cisco ≫ Ip Phone 7821 Firmware Version11.0(1)
Cisco ≫ Ip Phone 8811 Firmware Version10.3(1)es14
Cisco ≫ Ip Phone 8811 Firmware Version11.0(1)
Cisco ≫ Ip Phone 8811 Firmware Version11.0(5)sr1
Cisco ≫ Ip Phone 8861 Firmware Version10.3(1)es14
Cisco ≫ Ip Phone 8861 Firmware Version11.0(1)
Cisco ≫ Ip Phone 8861 Firmware Version11.0(5)sr1
Cisco ≫ Ip Phone 8845 Firmware Version10.3(1)es14
Cisco ≫ Ip Phone 8845 Firmware Version11.0(1)
Cisco ≫ Ip Phone 8845 Firmware Version11.0(5)sr1
Cisco ≫ Ip Phone 7861 Firmware Version11.0(1)
Cisco ≫ Ip Phone 8841 Firmware Version10.3(1)es14
Cisco ≫ Ip Phone 8841 Firmware Version11.0(1)
Cisco ≫ Ip Phone 8841 Firmware Version11.0(5)sr1
Cisco ≫ Ip Phone 7811 Firmware Version11.0(1)
Cisco ≫ Ip Phone 8821 Firmware Version10.3(1)es14
Cisco ≫ Ip Phone 8821 Firmware Version11.0(1)
Cisco ≫ Ip Phone 8821 Firmware Version11.0(5)sr1
Cisco ≫ Ip Phone 8821-ex Firmware Version10.3(1)es14
Cisco ≫ Ip Phone 8821-ex Firmware Version11.0(1)
Cisco ≫ Ip Phone 8821-ex Firmware Version11.0(5)sr1
Cisco ≫ 8831 Firmware Version10.3(1)es14
Cisco ≫ 8831 Firmware Version11.0(1)
Cisco ≫ 8831 Firmware Version11.0(5)sr1
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability
SchwachstelleCisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 80.83% | 0.991 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| psirt@cisco.com | 9.8 | 3.9 | 5.9 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.