Multiple vulnerabilities in Cisco IP Phone 6861
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2020-24586 CVE-2020-24587 CVE-2020-24588 CVE-2020-26139 CVE-2020-26140 CVE-2020-26141 CVE-2020-26142 CVE-2020-26143 CVE-2020-26144 CVE-2020-26145 CVE-2020-26146 CVE-2020-26147 |
| CWE-ID | CWE-20 CWE-451 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco IP Phone 6861 Hardware solutions / Office equipment, IP-phones, print servers |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU53154
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-24586
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the 802.11 standard due to the affected device does not clear its cache/memory to remove fragments of an incomplete MSDU/MMPDU from previous session after reconnection/reassociation. A remote attacker on the local network can perform a fragment cache attack and perform a denial of service (DoS) attack.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco IP Phone 6861: All versions
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62884
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU53096
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-24587
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Windows Wireless Networking. A remote attacker on the local network can gain unauthorized access to sensitive information on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco IP Phone 6861: All versions
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62884
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Spoofing attack
EUVDB-ID: #VU53098
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-24588
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Windows Wireless Networking. A remote attacker on the local network can spoof page content.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco IP Phone 6861: All versions
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62884
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU53174
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-26139
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to forwarding EAPOL frames even though the sender is not yet authenticated. A remote attacker on the local network can cause a denial of service (DoS) condition on the target system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco IP Phone 6861: All versions
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62884
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Input validation error
EUVDB-ID: #VU53161
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-26140
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. A remote attacker on the local network can inject arbitrary data frames independent of the network configuration.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco IP Phone 6861: All versions
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62884
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU53176
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-26141
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. A remote attacker on the local network can inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco IP Phone 6861: All versions
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62884
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU53175
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-26142
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. A remote attacker on the local network can inject arbitrary network packets, independent of the network configuration.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco IP Phone 6861: All versions
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62884
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Input validation error
EUVDB-ID: #VU53166
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-26143
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. A remote attacker on the local network can inject arbitrary data frames independent of the network configuration.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco IP Phone 6861: All versions
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62884
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Spoofing attack
EUVDB-ID: #VU53097
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-26144
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in Windows Wireless Networking. A remote attacker on the local network can spoof page content.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco IP Phone 6861: All versions
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62884
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU53155
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-26145
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. A remote attacker on the local network can inject arbitrary network packets independent of the network configuration.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco IP Phone 6861: All versions
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62884
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Input validation error
EUVDB-ID: #VU53167
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-26146
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. A remote attacker on the local network can exfiltrate selected fragments.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco IP Phone 6861: All versions
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62884
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Input validation error
EUVDB-ID: #VU53172
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2020-26147
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. A remote attacker on the local network can inject packets and/or exfiltrate selected fragments
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsCisco IP Phone 6861: All versions
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx62884
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
