CVE-2020-3111: Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability
First published: Wed Feb 05 2020(Updated: )
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IP Conference Phone 7832 Firmware | <12.7\(1\) | |
| Cisco IP Conference Phone 7832 | <11.3\(1\)sr1 | |
| Cisco IP Conference Phone 7832 Firmware | ||
| Cisco IP Conference Phone 8832 | <12.7\(1\) | |
| Cisco IP Conference Phone 8832 with Multiplatform Firmware | <11.3\(1\)sr1 | |
| Cisco IP Conference Phone 8832 Firmware | ||
| Cisco IP Phone 6821 firmware | <11.3\(1\)sr1 | |
| Cisco IP Phone 6821 firmware | ||
| Cisco IP Phone 6841 firmware | <11.3\(1\)sr1 | |
| Cisco IP Phone 6841 firmware | ||
| Cisco IP Phone 6851 | <11.3\(1\)sr1 | |
| Cisco IP Phone 6851 | ||
| cisco ip phone 6861 firmware | <11.3\(1\)sr1 | |
| cisco ip phone 6861 | ||
| Cisco IP Phone 6871 firmware | <11.3\(1\)sr1 | |
| Cisco IP Phone 6871 firmware | ||
| Cisco IP Phone 7811 firmware | <12.7\(1\) | |
| Cisco IP Phone 7811 with Multiplatform Firmware | <11.3\(1\)sr1 | |
| Cisco IP Phone 7811 firmware | ||
| Cisco IP Phone 7821 firmware | <12.7\(1\) | |
| Cisco IP Phone 7821 with Multiplatform Firmware | <11.3\(1\)sr1 | |
| Cisco IP Phone 7821 firmware | ||
| Cisco IP Phone 7841 firmware | <12.7\(1\) | |
| Cisco IP Phone 7841 with Multiplatform Firmware | <11.3\(1\)sr1 | |
| Cisco IP Phone 7841 firmware | ||
| Cisco IP Phone 7861 firmware | <12.7\(1\) | |
| Cisco IP Phone 7861 with Multiplatform Firmware | <11.3\(1\)sr1 | |
| Cisco IP Phone 7861 firmware | ||
| Cisco IP Phone 8811 firmware | <12.7\(1\) | |
| Cisco IP Phone 8811 | <11.3\(1\)sr1 | |
| Cisco IP Phone 8811 firmware | ||
| Cisco IP Phone 8841 firmware | <12.7\(1\) | |
| Cisco IP Phone 8841 | <11.3\(1\)sr1 | |
| Cisco IP Phone 8841 firmware | ||
| Cisco IP Phone 8851 firmware | <12.7\(1\) | |
| Cisco IP Phone 8851 | <11.3\(1\)sr1 | |
| Cisco IP Phone 8851 firmware | ||
| cisco ip phone 8861 firmware | <12.7\(1\) | |
| Cisco IP Phone 8861 with Multiplatform Firmware | <11.3\(1\)sr1 | |
| Cisco IP Phone 8861 Firmware 3PCC | ||
| Cisco IP Phone 8845 firmware | <12.7\(1\) | |
| Cisco IP Phone 8845 | <11.3\(1\)sr1 | |
| Cisco IP Phone 8845 firmware | ||
| cisco ip phone 8865 firmware | <12.7\(1\) | |
| Cisco IP Phone 8865 with Multiplatform Firmware | <11.3\(1\)sr1 | |
| cisco ip phone 8865 | ||
| Cisco Unified IP Conference Phone 8831 | <10.3\(1\)sr6 | |
| Cisco Unified IP Conference Phone 8831 for Third-Party Call Control | ||
| Cisco Unified IP Conference Phone 8831 | ||
| Cisco Unified IP Conference Phone 8831 | ||
| Cisco Wireless IP Phone 8821-EX firmware | <11.0\(5\)sr2 | |
| Cisco Wireless IP Phone 8821-EX | ||
| Cisco Wireless IP Phone 8821-EX firmware | <11.0\(5\)sr2 | |
| Cisco Wireless IP Phone 8821-EX firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-3111.
What is the severity of CVE-2020-3111?
The severity of CVE-2020-3111 is high with a CVSS score of 8.8.
What is the affected software for CVE-2020-3111?
The affected software for CVE-2020-3111 includes various Cisco IP Phone models with specific firmware versions.
How can an attacker exploit CVE-2020-3111?
An attacker can exploit CVE-2020-3111 by sending maliciously crafted packets to an affected Cisco IP Phone.
What is the recommended mitigation for CVE-2020-3111?
The recommended mitigation for CVE-2020-3111 is to apply the necessary security updates provided by Cisco.
- agent/references
- agent/type
- agent/weakness
- agent/author
- agent/description
- agent/severity
- agent/title
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco ip conference phone 7832 firmware
- canonical/cisco ip conference phone 7832
- canonical/cisco ip conference phone 8832
- canonical/cisco ip conference phone 8832 with multiplatform firmware
- canonical/cisco ip conference phone 8832 firmware
- canonical/cisco ip phone 6821 firmware
- canonical/cisco ip phone 6841 firmware
- canonical/cisco ip phone 6851
- canonical/cisco ip phone 6861 firmware
- canonical/cisco ip phone 6861
- canonical/cisco ip phone 6871 firmware
- canonical/cisco ip phone 7811 firmware
- canonical/cisco ip phone 7811 with multiplatform firmware
- canonical/cisco ip phone 7821 firmware
- canonical/cisco ip phone 7821 with multiplatform firmware
- canonical/cisco ip phone 7841 firmware
- canonical/cisco ip phone 7841 with multiplatform firmware
- canonical/cisco ip phone 7861 firmware
- canonical/cisco ip phone 7861 with multiplatform firmware
- canonical/cisco ip phone 8811 firmware
- canonical/cisco ip phone 8811
- canonical/cisco ip phone 8841 firmware
- canonical/cisco ip phone 8841
- canonical/cisco ip phone 8851 firmware
- canonical/cisco ip phone 8851
- canonical/cisco ip phone 8861 firmware
- canonical/cisco ip phone 8861 with multiplatform firmware
- canonical/cisco ip phone 8861 firmware 3pcc
- canonical/cisco ip phone 8845 firmware
- canonical/cisco ip phone 8845
- canonical/cisco ip phone 8865 firmware
- canonical/cisco ip phone 8865 with multiplatform firmware
- canonical/cisco ip phone 8865
- canonical/cisco unified ip conference phone 8831
- canonical/cisco unified ip conference phone 8831 for third-party call control
- canonical/cisco wireless ip phone 8821-ex firmware
- canonical/cisco wireless ip phone 8821-ex