Vulnerability Details : CVE-2020-3111
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Vulnerability category: Input validationExecute codeDenial of service
Products affected by CVE-2020-3111
- cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:wireless_ip_phone_8821-ex_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_6841_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_6851_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_6871_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_6821_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:unified_ip_conference_phone_8831_for_third-party_call_control_firmware:-:*:*:*:*:*:*:*When used together with: Cisco » Unified Ip Conference Phone 8831 For Third-party Call Control » Version: N/A
Exploit prediction scoring system (EPSS) score for CVE-2020-3111
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 31 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-3111
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.3
|
HIGH | AV:A/AC:L/Au:N/C:C/I:C/A:C |
6.5
|
10.0
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
Cisco Systems, Inc. | |
8.8
|
HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2020-3111
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by:
- nvd@nist.gov (Primary)
- ykramarz@cisco.com (Secondary)
References for CVE-2020-3111
-
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos
Cisco IP Phone Remote Code Execution and Denial of Service VulnerabilityVendor Advisory
-
http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html
Cisco Discovery Protocol (CDP) Remote Device Takeover ≈ Packet StormThird Party Advisory;VDB Entry
Jump to