Vulnerability Details : CVE-2020-16138
Public exploit exists!
A denial-of-service issue in Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to remotely disable the device until it is power cycled. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. For more information on this, and how to upgrade, refer to the CVE's reference information.
Vulnerability category: Denial of service
Products affected by CVE-2020-16138
- Cisco » Unified IP Conference Station 7937G Firmware
  Versions from 1.4.4.0 (>=, inclusive) up to 1.4.5.7 (<=, inclusive)
  cpe:2.3:o:cisco:unified_ip_conference_station_7937g_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-16138
EPSS score: 8.67% (probability of exploitation activity in the next 30 days)
EPSS Score History
Percentile: ~95% (the proportion of vulnerabilities that are scored at or below this one)
Metasploit modules for CVE-2020-16138
- Cisco 7937G Denial-of-Service Attack
  Disclosure Date: 2020-06-02
  First seen: 2020-08-21
  Module: auxiliary/dos/cisco/cisco_7937g_dos
  This module exploits a bug in how the conference station handles incoming SSH connections that provide an incompatible key exchange. By connecting with an incompatible key exchange, the device becomes nonresponsive until it is manually power cycled.
  Authors: Cody Martin
CVSS scores for CVE-2020-16138
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | 
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | 
References for CVE-2020-16138
- https://www.blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/
  Cisco Unified IP Conference Station 7937G | Black Lantern Security
  Tags: Exploit; Third Party Advisory
- https://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7940g/end_of_life_notice_c51-729487.html
  End-of-Sale and End-of-Life Announcement for the Cisco Unified IP Conference Station 7937G - Cisco
  Tags: Vendor Advisory
- https://packetstormsecurity.com/files/158819/Cisco-7937G-Denial-Of-Service.html
  Cisco 7937G Denial Of Service ≈ Packet Storm
  Tags: Exploit; Third Party Advisory; VDB Entry