CVE-2020-3161
Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 12, 2019
- Published Date
- April 15, 2020
- Last Updated
- November 08, 2024
- Vendor
- Cisco
- Product
- Cisco IP phone
- Description
- A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
- Tags
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- total
cisa
edge
nessus_scanner
CVSS Scores
CVSS v3.0
9.8 - CRITICAL
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC Information
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2021-11-03 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nessus | https://www.tenable.com/plugins/nessus/502115 | 2025-06-02 14:00:25 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
abood05972/CVE-2020-3161
Type: github • Created: 2020-12-31 15:37:48 UTC • Stars: 0
Cisco IP Phone 11.7 - Denial of Service (PoC)
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Proof of Concept Exploit Available
-
Added to KEVIntel
-
Detected by Nessus