Main
Vulnerability Database
Exploits
ID:4981 - Exploit for Input validation error in Cisco Systems, Inc products - CVE-2020-3161
ID:4981 - Exploit for Input validation error in Cisco Systems, Inc products - CVE-2020-3161
Published: January 3, 2021
Vulnerability identifier: #VU26976
Vulnerability risk: High
CVE-ID: CVE-2020-3161
CWE-ID: CWE-20
Exploitation vector: Remote access
Vulnerable software:
Cisco IP Phone 7811
Cisco IP Phone 7821
Cisco IP Phone 7841
Cisco IP Phone 7861
Cisco IP Phone 8811
Cisco IP Phone 8841
Cisco Wireless IP Phone 8845
Cisco Wireless IP Phone 8851
Cisco IP Phone 8861
Cisco IP Phone 8865
Cisco Unified IP Conference Phone 8831
Cisco Wireless IP Phone 8821
Cisco Wireless IP Phone 8821-EX
Cisco IP Phone 7811
Cisco IP Phone 7821
Cisco IP Phone 7841
Cisco IP Phone 7861
Cisco IP Phone 8811
Cisco IP Phone 8841
Cisco Wireless IP Phone 8845
Cisco Wireless IP Phone 8851
Cisco IP Phone 8861
Cisco IP Phone 8865
Cisco Unified IP Conference Phone 8831
Cisco Wireless IP Phone 8821
Cisco Wireless IP Phone 8821-EX
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insufficient validation of user-supplied input of HTTP requests in the web server for Cisco IP Phones. A remote attacker can send a specially crafted HTTP request and execute arbitrary code with root privileges or cause a reload of an affected IP phone, resulting in a (DoS) condition.
Remediation
Install updates from vendor's website.