Details of VAR-202011-1022

ID

VAR-202011-1022

CVE

CVE-2020-3574

TITLE

plural Cisco IP Phone Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2020-013405

DESCRIPTION

A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition. plural Cisco IP Phone The product contains unspecified vulnerabilities.Denial of service (DoS) It may be put into a state

Trust: 1.62

sources: NVD: CVE-2020-3574 // JVNDB: JVNDB-2020-013405

AFFECTED PRODUCTS

vendor:	cisco	model:	ip dect 210	scope:	lt	version:	4.8.1	Trust: 1.0
vendor:	cisco	model:	ip phone 8811	scope:	lt	version:	11.3.2	Trust: 1.0
vendor:	cisco	model:	ip phone 8841	scope:	lt	version:	11.3.2	Trust: 1.0
vendor:	cisco	model:	webex room phone	scope:	lt	version:	1.2.0	Trust: 1.0
vendor:	cisco	model:	unified ip conference phone 8831	scope:	eq	version:	9.3\(4\)	Trust: 1.0
vendor:	cisco	model:	ip dect 6825	scope:	lt	version:	4.8.1	Trust: 1.0
vendor:	cisco	model:	ip phone 8861	scope:	lt	version:	11.3.2	Trust: 1.0
vendor:	cisco	model:	ip phone 8851	scope:	lt	version:	11.3.2	Trust: 1.0
vendor:	シスコシステムズ	model:	ip dect 210	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	ip phone 8841	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	ip dect 6825	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	unified ip conference phone 8831	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	ip phone 8851	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	ip phone 8861	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	webex room phone	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	ip phone 8811	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2020-013405 // NVD: CVE-2020-3574

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-3574
value:	HIGH
Trust: 1.0
ykramarz@cisco.com:	CVE-2020-3574
value:	HIGH
Trust: 1.0
NVD:	CVE-2020-3574
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202011-339
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2020-3574
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2020-3574
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2020-3574
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2020-013405 // CNNVD: CNNVD-202011-339 // NVD: CVE-2020-3574 // NVD: CVE-2020-3574

PROBLEMTYPE DATA

problemtype:	CWE-371	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Other (CWE-Other) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2020-013405 // NVD: CVE-2020-3574

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-339

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202011-339

PATCH

title:	cisco-sa-voip-phone-flood-dos-YnU9EXOv	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv	Trust: 0.8
title:	Cisco IP Phone 8800 Series and Cisco IP Phone 7800 Series Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=134942	Trust: 0.6

sources: JVNDB: JVNDB-2020-013405 // CNNVD: CNNVD-202011-339

EXTERNAL IDS

db:	NVD	id:	CVE-2020-3574	Trust: 2.4
db:	JVNDB	id:	JVNDB-2020-013405	Trust: 0.8
db:	AUSCERT	id:	ESB-2020.4532	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3834	Trust: 0.6
db:	CNNVD	id:	CNNVD-202011-339	Trust: 0.6

sources: JVNDB: JVNDB-2020-013405 // CNNVD: CNNVD-202011-339 // NVD: CVE-2020-3574

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-voip-phone-flood-dos-ynu9exov	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3574	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2020.3834/	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-ip-phone-denial-of-service-via-tcp-packet-flood-33820	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4532/	Trust: 0.6

sources: JVNDB: JVNDB-2020-013405 // CNNVD: CNNVD-202011-339 // NVD: CVE-2020-3574

SOURCES

db:	JVNDB	id:	JVNDB-2020-013405
db:	CNNVD	id:	CNNVD-202011-339
db:	NVD	id:	CVE-2020-3574

LAST UPDATE DATE

2024-11-23T22:47:49.127000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2020-013405	date:	2021-07-01T09:05:00
db:	CNNVD	id:	CNNVD-202011-339	date:	2020-12-23T00:00:00
db:	NVD	id:	CVE-2020-3574	date:	2024-11-21T05:31:20.600

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2020-013405	date:	2021-07-01T00:00:00
db:	CNNVD	id:	CNNVD-202011-339	date:	2020-11-04T00:00:00
db:	NVD	id:	CVE-2020-3574	date:	2020-11-06T19:15:14.847