CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇬🇧 English

CVE-2020-3161

CVSS 9.8v3.1pub. 2020-04-15upd. 2025-10-28

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco 8831

    HW
    Cisco
    wszystkie wersje
  • Cisco 8831 Firmware

    OS
    Cisco
    10.3\(1\)es1411.0\(1\)11.0\(5\)sr1
  • Cisco Ip Phone 7811

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 7811 Firmware

    OS
    Cisco
    11.0\(1\)
  • Cisco Ip Phone 7821

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 7821 Firmware

    OS
    Cisco
    11.0\(1\)
  • Cisco Ip Phone 7841

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 7841 Firmware

    OS
    Cisco
    11.0\(1\)
  • Cisco Ip Phone 7861

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 7861 Firmware

    OS
    Cisco
    11.0\(1\)
  • Cisco Ip Phone 8811

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8811 Firmware

    OS
    Cisco
    10.3\(1\)es1411.0\(1\)11.0\(5\)sr1
  • Cisco Ip Phone 8821

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8821 Ex

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8821 Ex Firmware

    OS
    Cisco
    10.3\(1\)es1411.0\(1\)11.0\(5\)sr1
  • Cisco Ip Phone 8821 Firmware

    OS
    Cisco
    10.3\(1\)es1411.0\(1\)11.0\(5\)sr1
  • Cisco Ip Phone 8841

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8841 Firmware

    OS
    Cisco
    10.3\(1\)es1411.0\(1\)11.0\(5\)sr1
  • Cisco Ip Phone 8845

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8845 Firmware

    OS
    Cisco
    10.3\(1\)es1411.0\(1\)11.0\(5\)sr1
  • Cisco Ip Phone 8851

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8851 Firmware

    OS
    Cisco
    10.3\(1\)es1411.0\(1\)11.0\(5\)sr1
  • Cisco Ip Phone 8861

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8861 Firmware

    OS
    Cisco
    10.3\(1\)es1411.0\(1\)11.0\(5\)sr1
  • Cisco Ip Phone 8865

    HW
    Cisco
    wszystkie wersje
  • Cisco Ip Phone 8865 Firmware

    OS
    Cisco
    10.3\(1\)es1411.0\(1\)11.0\(5\)sr1

CISA KEV — szczegółyi

Dostawcai
Cisco
Produkti
Cisco IP Phones
Data dodania do KEVi
3 listopada 2021
Termin remediation (USA)i
3 maja 2022(po terminie)
Wymagana akcja (CISA)i

Zastosuj aktualizacje zgodnie z instrukcjami producenta.

tłumaczenie AI
Pokaż oryginał (EN)

Apply updates per vendor instructions.

Opis CISAi

Telefony IP Cisco zawierają lukę polegającą na nieprawidłowej walidacji danych wejściowych dla żądań HTTP. Wykorzystanie tej luki mogłoby pozwolić atakującemu na zdalne wykonanie kodu z uprawnieniami root lub spowodowanie warunków denial-of-service (DoS).

tłumaczenie AI
Pokaż oryginał (EN)

Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.

🔴
NATYCHMIASTOWE DZIAŁANIE
Aktywnie wykorzystywane w atakach (CISA KEV). Załataj jak najszybciej.
CISA DEADLINE: 3 maja 2022
Tagi
DoS
CWE
Referencje

Powiązane podatności

CVE-2017-12240CRITICAL9.8⚠ KEVten sam produkt

The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability tha...

CVE-2023-20078CRITICAL9.8ten sam produkt

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unaut...

CVE-2023-20079CRITICAL9.8ten sam produkt

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unaut...

CVE-2022-20775HIGH7.8⚠ KEVten sam produkt

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain eleva...

CVE-2018-0154HIGH7.5⚠ KEVten sam produkt

A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco I...