#VU25008 Input validation error in Cisco Systems, Inc products - CVE-2020-3111
Published: February 6, 2020
Vulnerability identifier: #VU25008
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-3111
CWE-ID: CWE-20
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
Cisco IP Conference Phone 7832
Cisco IP Conference Phone 7832 with Multiplatform Firmware
Cisco IP Conference Phone 8832
Cisco IP Conference Phone 8832 with Multiplatform Firmware
Cisco IP Phone 6821 with Multiplatform Firmware
Cisco IP Phone 6841 with Multiplatform Firmware
Cisco IP Phone 6851 with Multiplatform Firmware
Cisco IP Phone 6861 with Multiplatform Firmware
Cisco IP Phone 6871 with Multiplatform Firmware
Cisco IP Phone 7811
Cisco IP Phone 7821
Cisco IP Phone 7841
Cisco IP Phone 7861
Cisco IP Phone 7811 with Multiplatform Firmware
Cisco IP Phone 7821 with Multiplatform Firmware
Cisco IP Phone 7841 with Multiplatform Firmware
Cisco IP Phone 7861 with Multiplatform Firmware
Cisco IP Phone 8811
Cisco IP Phone 8841
Cisco Wireless IP Phone 8851
Cisco Wireless IP Phone 8845
Cisco IP Phone 8811 with Multiplatform Firmware
Cisco IP Phone 8841 with Multiplatform Firmware
Cisco IP Phone 8851 with Multiplatform Firmware
Cisco IP Phone 8861 with Multiplatform Firmware
Cisco IP Phone 8845 with Multiplatform Firmware
Cisco IP Phone 8865 with Multiplatform Firmware
Cisco Unified IP Conference Phone 8831
Cisco Unified IP Conference Phone 8831 for Third-Party Call Control
Cisco Wireless IP Phone 8821
Cisco Wireless IP Phone 8821-EX
Cisco IP Phone 8861
Cisco IP Phone 8865
Cisco IP Conference Phone 7832
Cisco IP Conference Phone 7832 with Multiplatform Firmware
Cisco IP Conference Phone 8832
Cisco IP Conference Phone 8832 with Multiplatform Firmware
Cisco IP Phone 6821 with Multiplatform Firmware
Cisco IP Phone 6841 with Multiplatform Firmware
Cisco IP Phone 6851 with Multiplatform Firmware
Cisco IP Phone 6861 with Multiplatform Firmware
Cisco IP Phone 6871 with Multiplatform Firmware
Cisco IP Phone 7811
Cisco IP Phone 7821
Cisco IP Phone 7841
Cisco IP Phone 7861
Cisco IP Phone 7811 with Multiplatform Firmware
Cisco IP Phone 7821 with Multiplatform Firmware
Cisco IP Phone 7841 with Multiplatform Firmware
Cisco IP Phone 7861 with Multiplatform Firmware
Cisco IP Phone 8811
Cisco IP Phone 8841
Cisco Wireless IP Phone 8851
Cisco Wireless IP Phone 8845
Cisco IP Phone 8811 with Multiplatform Firmware
Cisco IP Phone 8841 with Multiplatform Firmware
Cisco IP Phone 8851 with Multiplatform Firmware
Cisco IP Phone 8861 with Multiplatform Firmware
Cisco IP Phone 8845 with Multiplatform Firmware
Cisco IP Phone 8865 with Multiplatform Firmware
Cisco Unified IP Conference Phone 8831
Cisco Unified IP Conference Phone 8831 for Third-Party Call Control
Cisco Wireless IP Phone 8821
Cisco Wireless IP Phone 8821-EX
Cisco IP Phone 8861
Cisco IP Phone 8865
Software vendor:
Cisco Systems, Inc
Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to missing checks when processing Cisco Discovery Protocol messages. A remote attacker on the local network can send a specially crafted Cisco Discovery Protocol packet to the targeted IP phone and execute arbitrary code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition.
Remediation
Install updates from vendor's website.