CVE-2020-3161

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:cisco:ip_phone_8865_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8865_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8865_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
OR cpe:2.3:o:cisco:ip_phone_8851_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8851_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8851_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cisco:ip_phone_7841_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:cisco:ip_phone_7821_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
OR cpe:2.3:o:cisco:ip_phone_8811_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8811_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8811_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:o:cisco:ip_phone_8861_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8861_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8861_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
OR cpe:2.3:o:cisco:ip_phone_8845_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8845_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8845_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:cisco:ip_phone_7861_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
OR cpe:2.3:o:cisco:ip_phone_8841_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8841_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8841_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:cisco:ip_phone_7811_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
OR cpe:2.3:o:cisco:ip_phone_8821_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8821:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
OR cpe:2.3:o:cisco:ip_phone_8821-ex_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821-ex_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8821-ex_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8821-ex:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
OR cpe:2.3:o:cisco:8831_firmware:10.3\(1\)es14:*:*:*:*:*:*:*
cpe:2.3:o:cisco:8831_firmware:11.0\(1\):*:*:*:*:*:*:*
cpe:2.3:o:cisco:8831_firmware:11.0\(5\)sr1:*:*:*:*:*:*:*
cpe:2.3:h:cisco:8831:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-04-15 20:15

Updated : 2024-02-28 17:47


NVD link : CVE-2020-3161

Mitre link : CVE-2020-3161

CVE.ORG link : CVE-2020-3161


JSON object : View

Products Affected

cisco

  • 8831
  • ip_phone_7841
  • ip_phone_8845
  • ip_phone_8811_firmware
  • ip_phone_7861_firmware
  • ip_phone_8851
  • ip_phone_8865
  • ip_phone_8841
  • ip_phone_8821-ex_firmware
  • ip_phone_7821_firmware
  • ip_phone_8821
  • ip_phone_7821
  • ip_phone_8851_firmware
  • ip_phone_7841_firmware
  • ip_phone_8865_firmware
  • ip_phone_8861
  • ip_phone_8845_firmware
  • ip_phone_8811
  • ip_phone_8861_firmware
  • ip_phone_8841_firmware
  • ip_phone_7861
  • ip_phone_7811_firmware
  • ip_phone_8821-ex
  • ip_phone_8821_firmware
  • 8831_firmware
  • ip_phone_7811
CWE
CWE-20

Improper Input Validation