cvelistv5 - cve-2020-3161

CVE-2020-3161 (GCVE-0-2020-3161)

Vulnerability from cvelistv5

Published

2020-04-15 20:10

Modified

2025-10-21 23:35

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-20

Summary

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.

References

URL

	Vendor	Product	Version
	Cisco	Cisco IP phone	Version: n/a

CISA Known Exploited Vulnerability

Data from the CISA Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2022-05-03

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-3161

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:24:00.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200415 Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/157265/Cisco-IP-Phone-11.7-Denial-Of-Service.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3161",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-08T16:11:11.668072Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3161"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:35:45.888Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3161"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00.000Z",
            "value": "CVE-2020-3161 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP phone",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-04-15T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about the vulnerability that is described in this advisory. Cisco PSIRT is not aware of any malicious use of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-17T16:05:59.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200415 Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/157265/Cisco-IP-Phone-11.7-Denial-Of-Service.html"
        }
      ],
      "source": {
        "advisory": "cisco-sa-voip-phones-rce-dos-rB6EeRXs",
        "defect": [
          [
            "CSCuz03016",
            "CSCvs78272",
            "CSCvs78441"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-04-15T16:00:00-0700",
          "ID": "CVE-2020-3161",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IP phone",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about the vulnerability that is described in this advisory. Cisco PSIRT is not aware of any malicious use of this vulnerability."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "9.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200415 Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs"
            },
            {
              "name": "http://packetstormsecurity.com/files/157265/Cisco-IP-Phone-11.7-Denial-Of-Service.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/157265/Cisco-IP-Phone-11.7-Denial-Of-Service.html"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-voip-phones-rce-dos-rB6EeRXs",
          "defect": [
            [
              "CSCuz03016",
              "CSCvs78272",
              "CSCvs78441"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3161",
    "datePublished": "2020-04-15T20:10:11.570Z",
    "dateReserved": "2019-12-12T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:35:45.888Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2020-3161",
      "cwes": "[\"CWE-20\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2022-05-03",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2020-3161",
      "product": "Cisco IP Phones",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.",
      "vendorProject": "Cisco",
      "vulnerabilityName": "Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability"
    },
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs\", \"name\": \"20200415 Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/157265/Cisco-IP-Phone-11.7-Denial-Of-Service.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T07:24:00.645Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-3161\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-08T16:11:11.668072Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3161\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00.000Z\", \"value\": \"CVE-2020-3161 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3161\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-08T16:11:28.158Z\"}}], \"cna\": {\"title\": \"Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability\", \"source\": {\"defect\": [[\"CSCuz03016\", \"CSCvs78272\", \"CSCvs78441\"]], \"advisory\": \"cisco-sa-voip-phones-rce-dos-rB6EeRXs\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco IP phone\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about the vulnerability that is described in this advisory. Cisco PSIRT is not aware of any malicious use of this vulnerability.\"}], \"datePublic\": \"2020-04-15T00:00:00.000Z\", \"references\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs\", \"name\": \"20200415 Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"]}, {\"url\": \"http://packetstormsecurity.com/files/157265/Cisco-IP-Phone-11.7-Denial-Of-Service.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2020-04-17T16:05:59.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"version\": \"3.0\", \"baseScore\": \"9.8\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\"}}, \"source\": {\"defect\": [[\"CSCuz03016\", \"CSCvs78272\", \"CSCvs78441\"]], \"advisory\": \"cisco-sa-voip-phones-rce-dos-rB6EeRXs\", \"discovery\": \"INTERNAL\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"Cisco IP phone\"}]}, \"vendor_name\": \"Cisco\"}]}}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about the vulnerability that is described in this advisory. Cisco PSIRT is not aware of any malicious use of this vulnerability.\"}], \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs\", \"name\": \"20200415 Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability\", \"refsource\": \"CISCO\"}, {\"url\": \"http://packetstormsecurity.com/files/157265/Cisco-IP-Phone-11.7-Denial-Of-Service.html\", \"name\": \"http://packetstormsecurity.com/files/157265/Cisco-IP-Phone-11.7-Denial-Of-Service.html\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2020-3161\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability\", \"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2020-04-15T16:00:00-0700\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2020-3161\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:35:45.888Z\", \"dateReserved\": \"2019-12-12T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2020-04-15T20:10:11.570Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2020-AVI-227

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	IP Phone	Cisco IP Phone 8811, 8841, 8845, 8851, 8861 et 8865 versions antérieures à 11.7(1)
Cisco	N/A	Cisco Aironet Access Points versions antérieures à 8.5.161.0
Cisco	N/A	Webex Meetings Online versions antérieures à 1.3.48
Cisco	N/A	Cisco UCM et SME versions antérieures à 10.5(2)SU9
Cisco	N/A	Cisco WLC versions 8.6.x, 8.7.x et 8.8.x antérieures à 8.8.130.0
Cisco	N/A	Cisco Aironet Access Points versions 8.6.x et 8.7.x antérieures à 8.8.130.0
Cisco	N/A	Cisco IoT Field Network Director versions antérieures à 4.6
Cisco	N/A	Webex Meetings 39.5.x Sites versions antérieures à 39.5.18
Cisco	N/A	Unified IP Conference Phone 8831 versions antérieures à 10.3(1)SR6
Cisco	N/A	Cisco UCS Director versions antérieures à 6.7.4.0
Cisco	N/A	Cisco Aironet Access Points versions 8.9.x antérieures à 8.10.121.0
Cisco	N/A	Cisco UCM et SME versions 12.x antérieures à 12.5(1)SU2
Cisco	N/A	Cisco Mobility Express versions 8.6.x, 8.7.x et 8.8.x antérieures à 8.8.130.0
Cisco	N/A	Cisco UCS Director Express for Big Data versions antérieures à 3.7.4.0
Cisco	N/A	Webex Meetings Latest Sites versions antérieures à 40.2
Cisco	N/A	Cisco Mobility Express versions antérieures à 8.5.161.0
Cisco	N/A	Cisco UCM et SME versions 11.x antérieures à 11.5(1)SU7
Cisco	N/A	Cisco Mobility Express versions 8.9.x et 9.10.x antérieures à 8.10.121.0
Cisco	N/A	Webex Meetings Server versions antérieures à 4.0MR2SecurityPatch3
Cisco	IP Phone	Cisco Wireless IP Phone 8821 et 8821-EX versions antérieures à 11.0(5)SR3
Cisco	N/A	Cisco WLC versions 8.9.x et 8.10.x antérieures à 8.10.121.0
Cisco	N/A	Cisco WLC versions antérieures à 8.5.161.0
Cisco	N/A	Cisco Aironet Access Points Embedded Wireless Controller versions antérieures à 16.11.1b
Cisco	IP Phone	Cisco IP Phone 7811, 7821, 7841 et 7861 versions antérieures à 11.7(1)

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-wlc-capwap-dos-Y2sD9uEw du 15 avril 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-ucsd-mult-vulns-UNfpdW4E du 15 avril 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-webex-player-Q7Rtgvby du 15 avril 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-mob-exp-csrf-b8tFec24 du 15 avril 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-cucm-taps-path-trav-pfsFO93r du 15 avril 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-airo-wpa-dos-5ZLs6ESz du 15 avril 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-voip-phones-rce-dos-rB6EeRXs du 15 avril 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-iot-coap-dos-WTBu6YTq du 15 avril 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20160609-ipp du 15 avril 2020	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-wlc-gas-dos-8FsE3AWH du 15 avril 2020	None	vendor-advisory

Show details on source website