CVE-2020-3111
Last modified
CVE-2020-3111 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. EPSS estimates a 3.09% chance of exploitation in the next 30 days.
Description
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Metrics
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ip Conference Phone 7832 Firmware | < 12.7\(1\) |
| Cisco | Ip Conference Phone 7832 With Multiplatform Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Conference Phone 8832 Firmware | < 12.7\(1\) |
| Cisco | Ip Conference Phone 8832 With Multiplatform Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 6821 Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 6841 Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 6851 Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 6861 Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 6871 Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 7811 Firmware | < 12.7\(1\) |
| Cisco | Ip Phone 7811 With Multiplatform Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 7821 Firmware | < 12.7\(1\) |
| Cisco | Ip Phone 7821 With Multiplatform Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 7841 Firmware | < 12.7\(1\) |
| Cisco | Ip Phone 7841 With Multiplatform Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 7861 Firmware | < 12.7\(1\) |
| Cisco | Ip Phone 7861 With Multiplatform Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 8811 Firmware | < 12.7\(1\) |
| Cisco | Ip Phone 8811 With Multiplatform Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 8841 Firmware | < 12.7\(1\) |
| Cisco | Ip Phone 8841 With Multiplatform Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 8851 Firmware | < 12.7\(1\) |
| Cisco | Ip Phone 8851 With Multiplatform Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 8861 Firmware | < 12.7\(1\) |
| Cisco | Ip Phone 8861 With Multiplatform Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 8845 Firmware | < 12.7\(1\) |
| Cisco | Ip Phone 8845 With Multiplatform Firmware | < 11.3\(1\)sr1 |
| Cisco | Ip Phone 8865 Firmware | < 12.7\(1\) |
| Cisco | Ip Phone 8865 With Multiplatform Firmware | < 11.3\(1\)sr1 |
| Cisco | Unified Ip Conference Phone 8831 Firmware | < 10.3\(1\)sr6 |
| Cisco | Unified Ip Conference Phone 8831 For Third-Party Call Control Firmware | All versions |
| Cisco | Wireless Ip Phone 8821 Firmware | < 11.0\(5\)sr2 |
| Cisco | Wireless Ip Phone 8821-Ex Firmware | < 11.0\(5\)sr2 |
References
- http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.htmlThird Party Advisory, VDB Entry
- http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.htmlThird Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-3111?
How severe is CVE-2020-3111?
How do I fix CVE-2020-3111?
Are you affected by CVE-2020-3111?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST