10

CVE-2020-3161

Warning
Exploit

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.

Data is provided by the National Vulnerability Database (NVD)
CiscoIp Phone 8865 Firmware Version10.3(1)es14
   CiscoIp Phone 8865 Version-
CiscoIp Phone 8865 Firmware Version11.0(1)
   CiscoIp Phone 8865 Version-
CiscoIp Phone 8865 Firmware Version11.0(5)sr1
   CiscoIp Phone 8865 Version-
CiscoIp Phone 8851 Firmware Version10.3(1)es14
   CiscoIp Phone 8851 Version-
CiscoIp Phone 8851 Firmware Version11.0(1)
   CiscoIp Phone 8851 Version-
CiscoIp Phone 8851 Firmware Version11.0(5)sr1
   CiscoIp Phone 8851 Version-
CiscoIp Phone 7841 Firmware Version11.0(1)
   CiscoIp Phone 7841 Version-
CiscoIp Phone 7821 Firmware Version11.0(1)
   CiscoIp Phone 7821 Version-
CiscoIp Phone 8811 Firmware Version10.3(1)es14
   CiscoIp Phone 8811 Version-
CiscoIp Phone 8811 Firmware Version11.0(1)
   CiscoIp Phone 8811 Version-
CiscoIp Phone 8811 Firmware Version11.0(5)sr1
   CiscoIp Phone 8811 Version-
CiscoIp Phone 8861 Firmware Version10.3(1)es14
   CiscoIp Phone 8861 Version-
CiscoIp Phone 8861 Firmware Version11.0(1)
   CiscoIp Phone 8861 Version-
CiscoIp Phone 8861 Firmware Version11.0(5)sr1
   CiscoIp Phone 8861 Version-
CiscoIp Phone 8845 Firmware Version10.3(1)es14
   CiscoIp Phone 8845 Version-
CiscoIp Phone 8845 Firmware Version11.0(1)
   CiscoIp Phone 8845 Version-
CiscoIp Phone 8845 Firmware Version11.0(5)sr1
   CiscoIp Phone 8845 Version-
CiscoIp Phone 7861 Firmware Version11.0(1)
   CiscoIp Phone 7861 Version-
CiscoIp Phone 8841 Firmware Version10.3(1)es14
   CiscoIp Phone 8841 Version-
CiscoIp Phone 8841 Firmware Version11.0(1)
   CiscoIp Phone 8841 Version-
CiscoIp Phone 8841 Firmware Version11.0(5)sr1
   CiscoIp Phone 8841 Version-
CiscoIp Phone 7811 Firmware Version11.0(1)
   CiscoIp Phone 7811 Version-
CiscoIp Phone 8821 Firmware Version10.3(1)es14
   CiscoIp Phone 8821 Version-
CiscoIp Phone 8821 Firmware Version11.0(1)
   CiscoIp Phone 8821 Version-
CiscoIp Phone 8821 Firmware Version11.0(5)sr1
   CiscoIp Phone 8821 Version-
CiscoIp Phone 8821-ex Firmware Version10.3(1)es14
   CiscoIp Phone 8821-ex Version-
CiscoIp Phone 8821-ex Firmware Version11.0(1)
   CiscoIp Phone 8821-ex Version-
CiscoIp Phone 8821-ex Firmware Version11.0(5)sr1
   CiscoIp Phone 8821-ex Version-
Cisco8831 Firmware Version10.3(1)es14
   Cisco8831 Version-
Cisco8831 Firmware Version11.0(1)
   Cisco8831 Version-
Cisco8831 Firmware Version11.0(5)sr1
   Cisco8831 Version-

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability

Vulnerability

Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 80.83% 0.991
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
psirt@cisco.com 9.8 3.9 5.9
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.