#VU25008 Input validation error in Cisco Systems, Inc Hardware solutions


Published: 2020-02-06

Vulnerability identifier: #VU25008

Vulnerability risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-3111

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Cisco IP Conference Phone 7832
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Conference Phone 7832 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Conference Phone 8832
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Conference Phone 8832 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 6821 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 6841 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 6851 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 6861 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 6871 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 7811
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 7821
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 7841
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 7861
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 7811 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 7821 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 7841 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 7861 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 8811
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 8841
Hardware solutions / Office equipment, IP-phones, print servers
Cisco Wireless IP Phone 8851
Hardware solutions / Office equipment, IP-phones, print servers
Cisco Wireless IP Phone 8845
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 8811 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 8841 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 8851 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 8861 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 8845 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 8865 with Multiplatform Firmware
Hardware solutions / Office equipment, IP-phones, print servers
Cisco Unified IP Conference Phone 8831
Hardware solutions / Office equipment, IP-phones, print servers
Cisco Unified IP Conference Phone 8831 for Third-Party Call Control
Hardware solutions / Office equipment, IP-phones, print servers
Cisco Wireless IP Phone 8821
Hardware solutions / Office equipment, IP-phones, print servers
Cisco Wireless IP Phone 8821-EX
Hardware solutions / Office equipment, IP-phones, print servers
Cisco IP Phone 8861
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco IP Phone 8865
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to missing checks when processing Cisco Discovery Protocol messages. A remote attacker on the local network can send a specially crafted Cisco Discovery Protocol packet to the targeted IP phone and execute arbitrary code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Cisco IP Conference Phone 7832: All versions

Cisco IP Conference Phone 7832 with Multiplatform Firmware: All versions

Cisco IP Conference Phone 8832: All versions

Cisco IP Conference Phone 8832 with Multiplatform Firmware: All versions

Cisco IP Phone 6821 with Multiplatform Firmware: All versions

Cisco IP Phone 6841 with Multiplatform Firmware: All versions

Cisco IP Phone 6851 with Multiplatform Firmware: All versions

Cisco IP Phone 6861 with Multiplatform Firmware: All versions

Cisco IP Phone 6871 with Multiplatform Firmware: All versions

Cisco IP Phone 7811: All versions

Cisco IP Phone 7821: All versions

Cisco IP Phone 7841: All versions

Cisco IP Phone 7861: All versions

Cisco IP Phone 7811 with Multiplatform Firmware: All versions

Cisco IP Phone 7821 with Multiplatform Firmware: All versions

Cisco IP Phone 7841 with Multiplatform Firmware: All versions

Cisco IP Phone 7861 with Multiplatform Firmware: All versions

Cisco IP Phone 8811: All versions

Cisco IP Phone 8841: All versions

Cisco Wireless IP Phone 8851: All versions

Cisco IP Phone 8861: All versions

Cisco Wireless IP Phone 8845: All versions

Cisco IP Phone 8865: All versions

Cisco IP Phone 8811 with Multiplatform Firmware: All versions

Cisco IP Phone 8841 with Multiplatform Firmware: All versions

Cisco IP Phone 8851 with Multiplatform Firmware: All versions

Cisco IP Phone 8861 with Multiplatform Firmware: All versions

Cisco IP Phone 8845 with Multiplatform Firmware: All versions

Cisco IP Phone 8865 with Multiplatform Firmware: All versions

Cisco Unified IP Conference Phone 8831: 10.3.1

Cisco Unified IP Conference Phone 8831 for Third-Party Call Control: 9.3.4 SR3

Cisco Wireless IP Phone 8821: 11.0.5 SR1

Cisco Wireless IP Phone 8821-EX: 11.0.5 SR1

External links
http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Remote code execution in Cisco IP Phones