ID

VAR-202004-1234


CVE

CVE-2020-3161


TITLE

Cisco IP Phones Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004772

DESCRIPTION

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. Cisco IP Phones There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco IP Phone 7811, etc. are all IP phones of the American company Cisco. There are input validation error vulnerabilities in the Web servers of many Cisco products

Trust: 2.25

sources: NVD: CVE-2020-3161 // JVNDB: JVNDB-2020-004772 // CNVD: CNVD-2020-31998 // VULMON: CVE-2020-3161

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-31998

AFFECTED PRODUCTS

vendor:ciscomodel:ip phone 8821-exscope:eqversion:11.0\(5\)sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8861scope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:ip phone 7841scope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:ip phone 8841scope:eqversion:10.3\(1\)es14

Trust: 1.0

vendor:ciscomodel:ip phone 8861scope:eqversion:11.0\(5\)sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8865scope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:ip phone 7861scope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:ip phone 8811scope:eqversion:10.3\(1\)es14

Trust: 1.0

vendor:ciscomodel:ip phone 8851scope:eqversion:10.3\(1\)es14

Trust: 1.0

vendor:ciscomodel:8831scope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:ip phone 8865scope:eqversion:11.0\(5\)sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8845scope:eqversion:10.3\(1\)es14

Trust: 1.0

vendor:ciscomodel:8831scope:eqversion:11.0\(5\)sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8821scope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:ip phone 8851scope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:ip phone 8821-exscope:eqversion:10.3\(1\)es14

Trust: 1.0

vendor:ciscomodel:ip phone 8821scope:eqversion:11.0\(5\)sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8851scope:eqversion:11.0\(5\)sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8821-exscope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:ip phone 7821scope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:ip phone 8861scope:eqversion:10.3\(1\)es14

Trust: 1.0

vendor:ciscomodel:ip phone 8865scope:eqversion:10.3\(1\)es14

Trust: 1.0

vendor:ciscomodel:ip phone 8841scope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:8831scope:eqversion:10.3\(1\)es14

Trust: 1.0

vendor:ciscomodel:ip phone 8811scope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:ip phone 8841scope:eqversion:11.0\(5\)sr1

Trust: 1.0

vendor:ciscomodel:ip phone 7811scope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:ip phone 8821scope:eqversion:10.3\(1\)es14

Trust: 1.0

vendor:ciscomodel:ip phone 8811scope:eqversion:11.0\(5\)sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8845scope:eqversion:11.0\(5\)sr1

Trust: 1.0

vendor:ciscomodel:ip phone 8845scope:eqversion:11.0\(1\)

Trust: 1.0

vendor:ciscomodel:ip phone 7811scope: - version: -

Trust: 0.8

vendor:ciscomodel:ip phone 7821scope: - version: -

Trust: 0.8

vendor:ciscomodel:ip phone 7841scope: - version: -

Trust: 0.8

vendor:ciscomodel:ip phone 7861scope: - version: -

Trust: 0.8

vendor:ciscomodel:ip phone 8811scope: - version: -

Trust: 0.8

vendor:ciscomodel:ip phone 8841scope: - version: -

Trust: 0.8

vendor:ciscomodel:ip phone 8845scope: - version: -

Trust: 0.8

vendor:ciscomodel:ip phone 8851scope: - version: -

Trust: 0.8

vendor:ciscomodel:ip phone 8861scope: - version: -

Trust: 0.8

vendor:ciscomodel:ip phone 8865scope: - version: -

Trust: 0.8

vendor:ciscomodel:ip phonescope:eqversion:7861

Trust: 0.6

vendor:ciscomodel:ip phonescope:eqversion:7811

Trust: 0.6

vendor:ciscomodel:ip phonescope:eqversion:7821

Trust: 0.6

vendor:ciscomodel:ip phonescope:eqversion:7841

Trust: 0.6

vendor:ciscomodel:ip phonescope:eqversion:8811

Trust: 0.6

vendor:ciscomodel:ip phonescope:eqversion:8841

Trust: 0.6

vendor:ciscomodel:ip phonescope:eqversion:8845

Trust: 0.6

vendor:ciscomodel:ip phonescope:eqversion:8851

Trust: 0.6

vendor:ciscomodel:ip phonescope:eqversion:8861

Trust: 0.6

vendor:ciscomodel:ip phonescope:eqversion:8865

Trust: 0.6

vendor:ciscomodel:unified ip conference phonescope:eqversion:8831

Trust: 0.6

vendor:ciscomodel:wireless ip phonescope:eqversion:8821

Trust: 0.6

vendor:ciscomodel:wireless ip phone 8821-exscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2020-31998 // JVNDB: JVNDB-2020-004772 // NVD: CVE-2020-3161

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3161
value: CRITICAL

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3161
value: CRITICAL

Trust: 1.0

NVD: JVNDB-2020-004772
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2020-31998
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202004-1099
value: CRITICAL

Trust: 0.6

VULMON: CVE-2020-3161
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2020-3161
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004772
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-31998
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-3161
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3161
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-004772
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-31998 // VULMON: CVE-2020-3161 // JVNDB: JVNDB-2020-004772 // CNNVD: CNNVD-202004-1099 // NVD: CVE-2020-3161 // NVD: CVE-2020-3161

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2020-004772 // NVD: CVE-2020-3161

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202004-1099

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202004-1099

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004772

PATCH

title:cisco-sa-voip-phones-rce-dos-rB6EeRXsurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs

Trust: 0.8

title:Patch for Multiple Cisco product input verification error vulnerabilities (CNVD-2020-31998)url:https://www.cnvd.org.cn/patchInfo/show/220745

Trust: 0.6

title:Multiple Cisco Product input verification error vulnerability fixesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=117144

Trust: 0.6

title:Cisco: Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-voip-phones-rce-dos-rB6EeRXs

Trust: 0.1

title:CVE-2020-3161url:https://github.com/uromulouinthehouse/CVE-2020-3161

Trust: 0.1

title:CVE-2020-3161url:https://github.com/abood05972/CVE-2020-3161

Trust: 0.1

title:CVE-2020-3161url:https://github.com/uromulou/CVE-2020-3161

Trust: 0.1

title:CVE-2020-3161url:https://github.com/urRomulou/CVE-2020-3161

Trust: 0.1

title:CVE-2020-3161-REMAKEurl:https://github.com/uromulou/CVE-2020-3161-REMAKE

Trust: 0.1

title: - url:https://github.com/soosmile/POC

Trust: 0.1

title:PoCurl:https://github.com/Jonathan-Elias/PoC

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/developer3000S/PoC-in-GitHub

Trust: 0.1

title:PoC-in-GitHuburl:https://github.com/hectorgie/PoC-in-GitHub

Trust: 0.1

title:Threatposturl:https://threatpost.com/critical-cisco-ip-phone-rce-flaw/154864/

Trust: 0.1

sources: CNVD: CNVD-2020-31998 // VULMON: CVE-2020-3161 // JVNDB: JVNDB-2020-004772 // CNNVD: CNNVD-202004-1099

EXTERNAL IDS

db:NVDid:CVE-2020-3161

Trust: 3.1

db:PACKETSTORMid:157265

Trust: 1.7

db:JVNDBid:JVNDB-2020-004772

Trust: 0.8

db:CNVDid:CNVD-2020-31998

Trust: 0.6

db:AUSCERTid:ESB-2020.1321.2

Trust: 0.6

db:AUSCERTid:ESB-2020.1321

Trust: 0.6

db:EXPLOIT-DBid:48342

Trust: 0.6

db:CNNVDid:CNNVD-202004-1099

Trust: 0.6

db:VULMONid:CVE-2020-3161

Trust: 0.1

sources: CNVD: CNVD-2020-31998 // VULMON: CVE-2020-3161 // JVNDB: JVNDB-2020-004772 // CNNVD: CNNVD-202004-1099 // NVD: CVE-2020-3161

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-voip-phones-rce-dos-rb6eerxs

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2020-3161

Trust: 2.0

url:http://packetstormsecurity.com/files/157265/cisco-ip-phone-11.7-denial-of-service.html

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3161

Trust: 0.8

url:https://www.exploit-db.com/exploits/48342

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-ip-phone-code-execution-via-web-server-32043

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1321.2/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1321/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://github.com/uromulouinthehouse/cve-2020-3161

Trust: 0.1

url:https://github.com/abood05972/cve-2020-3161

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2020-31998 // VULMON: CVE-2020-3161 // JVNDB: JVNDB-2020-004772 // CNNVD: CNNVD-202004-1099 // NVD: CVE-2020-3161

CREDITS

Jacob Baines

Trust: 0.6

sources: CNNVD: CNNVD-202004-1099

SOURCES

db:CNVDid:CNVD-2020-31998
db:VULMONid:CVE-2020-3161
db:JVNDBid:JVNDB-2020-004772
db:CNNVDid:CNNVD-202004-1099
db:NVDid:CVE-2020-3161

LAST UPDATE DATE

2024-08-14T15:12:21.026000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2020-31998date:2020-06-09T00:00:00
db:VULMONid:CVE-2020-3161date:2021-08-12T00:00:00
db:JVNDBid:JVNDB-2020-004772date:2020-05-27T00:00:00
db:CNNVDid:CNNVD-202004-1099date:2021-08-17T00:00:00
db:NVDid:CVE-2020-3161date:2021-08-12T18:19:39.917

SOURCES RELEASE DATE

db:CNVDid:CNVD-2020-31998date:2020-06-09T00:00:00
db:VULMONid:CVE-2020-3161date:2020-04-15T00:00:00
db:JVNDBid:JVNDB-2020-004772date:2020-05-27T00:00:00
db:CNNVDid:CNNVD-202004-1099date:2020-04-15T00:00:00
db:NVDid:CVE-2020-3161date:2020-04-15T20:15:15.097