cve-2020-3111
Vulnerability from cvelistv5
Published
2020-02-05 17:40
Modified
2024-11-15 17:42
Severity ?
8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).
References
ykramarz@cisco.comhttp://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.htmlThird Party Advisory, VDB Entry
ykramarz@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dosVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dosVendor Advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:24:00.455Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200205 Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-3111",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T16:25:09.510937Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:42:42.854Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco IP phone",
          "vendor": "Cisco",
          "versions": [
            {
              "lessThan": "12.7(1)",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-02-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-05T18:06:07",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20200205 Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
        }
      ],
      "source": {
        "advisory": "cisco-sa-20200205-voip-phones-rce-dos",
        "defect": [
          [
            "CSCvr96057",
            "CSCvr96058",
            "CSCvr96059",
            "CSCvr96060",
            "CSCvr96063",
            "CSCvr96064",
            "CSCvr96065",
            "CSCvr96066",
            "CSCvr96067",
            "CSCvr96069",
            "CSCvr96070",
            "CSCvr96071",
            "CSCvr96738",
            "CSCvr96739"
          ]
        ],
        "discovery": "INTERNAL"
      },
      "title": "Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "DATE_PUBLIC": "2020-02-05T16:00:00-0800",
          "ID": "CVE-2020-3111",
          "STATE": "PUBLIC",
          "TITLE": "Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco IP phone",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_value": "12.7(1)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Cisco"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."
          }
        ],
        "impact": {
          "cvss": {
            "baseScore": "8.8",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200205 Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos"
            },
            {
              "name": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"
            }
          ]
        },
        "source": {
          "advisory": "cisco-sa-20200205-voip-phones-rce-dos",
          "defect": [
            [
              "CSCvr96057",
              "CSCvr96058",
              "CSCvr96059",
              "CSCvr96060",
              "CSCvr96063",
              "CSCvr96064",
              "CSCvr96065",
              "CSCvr96066",
              "CSCvr96067",
              "CSCvr96069",
              "CSCvr96070",
              "CSCvr96071",
              "CSCvr96738",
              "CSCvr96739"
            ]
          ],
          "discovery": "INTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2020-3111",
    "datePublished": "2020-02-05T17:40:15.678994Z",
    "dateReserved": "2019-12-12T00:00:00",
    "dateUpdated": "2024-11-15T17:42:42.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7\\\\(1\\\\)\", \"matchCriteriaId\": \"2C412D40-7E0A-4FF1-9D07-21117B915509\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"4A2F31BA-AF80-4C21-9FD0-A0DB1D304024\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6592E7FE-346E-4923-97C2-F5298DC802A3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7\\\\(1\\\\)\", \"matchCriteriaId\": \"6158B805-6515-4DC3-AB76-1D2F7036492F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"F8096985-5813-4098-BF38-FD09CB2ACBFA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1010D16-DC6E-47A6-8BF9-C1026D975E3D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_6821_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"327BB99F-F398-49C3-83A2-DE8392F13A51\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEFD67F1-8FB1-4F27-8B97-59DF78DE41A1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_6841_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"1021FD6B-50A7-40E1-8081-F7BD80777E75\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE4960B1-22B4-4B3D-955E-684DA520A1A5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_6851_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"4CEB6D52-F968-4D81-A0E0-F9E81CCBF1AF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5809CA01-CF32-4E3A-A771-01D5065F0061\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"E38A06CF-5C29-47EA-8E63-45DED1085864\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C05A7CA6-AD58-45D7-AF32-129E22855D8E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_6871_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"F94AED70-743C-4764-A342-5503649852CF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"864B486C-71F6-4EFD-8F04-BA7FC18DFD5B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7\\\\(1\\\\)\", \"matchCriteriaId\": \"80C0B9B7-C7F6-4FF8-9CDD-F823516C0F31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"0A4A4B0F-3A7C-4EE9-A6ED-4C1E1C4AAD57\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D7260C17-7067-47AD-995F-366A5E8B10E7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7\\\\(1\\\\)\", \"matchCriteriaId\": \"FEE05ACF-E50D-478A-B24D-5DFDADAC14C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"A6DB7E94-661F-4447-9338-1BCB46CCE665\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7\\\\(1\\\\)\", \"matchCriteriaId\": \"7F3968E7-EFA1-42FF-B62B-8D76B1F9AE70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"7AF864D9-B587-4FCE-BEB2-9A1EC49DF8F7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"73CF8A50-11BD-4506-BF2A-CCA36BF59EFF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7\\\\(1\\\\)\", \"matchCriteriaId\": \"25CEB9EC-D645-4EFE-AAC3-8EAB120B654F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"801FD445-7410-457C-98CC-F839427CEBD4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E52C420C-FD54-4BE4-8720-E05307D53520\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7\\\\(1\\\\)\", \"matchCriteriaId\": \"21B5DDF7-4B8D-4E26-B816-1981F29B35AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"4BE38659-4111-4D7D-8B6C-54B7D28EE5A9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D0CC3127-3152-4906-9FE0-BC6F21DCADAA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7\\\\(1\\\\)\", \"matchCriteriaId\": \"9C25A9EF-0963-4BEA-9183-B21CA2871C03\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"6F64960C-05A6-4150-9307-8890F617B077\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7944CC9C-AE08-4F30-AF65-134DADBD0FA1\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7\\\\(1\\\\)\", \"matchCriteriaId\": \"F1498AAB-2129-48F0-9985-60667F4484E4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"D85F9FDA-AA2E-4E40-A4C0-086ABA8CC238\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8AF6DC5E-F582-445E-BF05-2D55A0954663\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7\\\\(1\\\\)\", \"matchCriteriaId\": \"DDC48168-00E4-44F4-82A0-AB3A3F12E934\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"6487419F-6DC3-4606-87B3-B429314E00D4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"090EE553-01D5-45F0-87A4-E1167F46EB77\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7\\\\(1\\\\)\", \"matchCriteriaId\": \"13C4E4FC-0B10-4447-8EF6-9D82C833DA20\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"31CC8824-E700-4D80-9F96-5076D4DA7816\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A313E64A-F43C-4FBA-A389-6171CBD709C0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"12.7\\\\(1\\\\)\", \"matchCriteriaId\": \"4A8762CE-FDC4-4C8B-BA64-8867711CDB46\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.3\\\\(1\\\\)sr1\", \"matchCriteriaId\": \"ECD950B5-786D-4C9C-BB33-3F9DF41891F6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB99B9AB-64B5-4989-9579-A1BB5D2D87EF\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.3\\\\(1\\\\)sr6\", \"matchCriteriaId\": \"E9495099-FC90-46E7-8B86-1BC8B9B055B5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:unified_ip_conference_phone_8831:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"660475FD-8475-4968-9ED2-D83461B9A5D4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_ip_conference_phone_8831_for_third-party_call_control_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D5699693-DBEC-429F-B67E-0B1625818FAB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:unified_ip_conference_phone_8831_for_third-party_call_control:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EA7AA843-E37E-42A0-BD4C-9710BDD50D9B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.0\\\\(5\\\\)sr2\", \"matchCriteriaId\": \"B20E2DFB-CBEB-4A0A-B099-3D5C7A973EC9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F97DF354-7690-417E-B223-72C8BDA36DA7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:wireless_ip_phone_8821-ex_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.0\\\\(5\\\\)sr2\", \"matchCriteriaId\": \"A40EB66A-AEA5-449A-B025-996882A25DC9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:wireless_ip_phone_8821-ex:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26CAE4C7-EADB-41A9-BE48-1A4F3D8D3D7A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad en la implementaci\\u00f3n de Cisco Discovery Protocol para Cisco IP Phone, podr\\u00eda permitir a un atacante adyacente no autenticado ejecutar c\\u00f3digo remotamente con privilegios root o causar una recarga de un tel\\u00e9fono IP afectado. La vulnerabilidad es debido a una falta de comprobaciones cuando se procesan los mensajes de Cisco Discovery Protocol. Un atacante podr\\u00eda explotar esta vulnerabilidad mediante el env\\u00edo de un paquete de Cisco Discovery Protocol dise\\u00f1ado hacia el tel\\u00e9fono IP apuntado. Una explotaci\\u00f3n con \\u00e9xito podr\\u00eda permitir al atacante ejecutar c\\u00f3digo remotamente con privilegios root o provocar una recarga de un tel\\u00e9fono IP afectado, resultando en una condici\\u00f3n de denegaci\\u00f3n de servicio (DoS). Cisco Discovery Protocol es un protocolo de Capa 2. Para explotar esta vulnerabilidad, un atacante debe encontrarse en el mismo dominio de difusi\\u00f3n que el dispositivo afectado (Capa 2 adyacente).\"}]",
      "id": "CVE-2020-3111",
      "lastModified": "2024-11-21T05:30:20.897",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 8.3, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 6.5, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-02-05T18:15:10.783",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ykramarz@cisco.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-3111\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2020-02-05T18:15:10.783\",\"lastModified\":\"2024-11-21T05:30:20.897\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la implementaci\u00f3n de Cisco Discovery Protocol para Cisco IP Phone, podr\u00eda permitir a un atacante adyacente no autenticado ejecutar c\u00f3digo remotamente con privilegios root o causar una recarga de un tel\u00e9fono IP afectado. La vulnerabilidad es debido a una falta de comprobaciones cuando se procesan los mensajes de Cisco Discovery Protocol. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete de Cisco Discovery Protocol dise\u00f1ado hacia el tel\u00e9fono IP apuntado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo remotamente con privilegios root o provocar una recarga de un tel\u00e9fono IP afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Cisco Discovery Protocol es un protocolo de Capa 2. Para explotar esta vulnerabilidad, un atacante debe encontrarse en el mismo dominio de difusi\u00f3n que el dispositivo afectado (Capa 2 adyacente).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":8.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":6.5,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ykramarz@cisco.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7\\\\(1\\\\)\",\"matchCriteriaId\":\"2C412D40-7E0A-4FF1-9D07-21117B915509\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"4A2F31BA-AF80-4C21-9FD0-A0DB1D304024\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6592E7FE-346E-4923-97C2-F5298DC802A3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7\\\\(1\\\\)\",\"matchCriteriaId\":\"6158B805-6515-4DC3-AB76-1D2F7036492F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"F8096985-5813-4098-BF38-FD09CB2ACBFA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1010D16-DC6E-47A6-8BF9-C1026D975E3D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_6821_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"327BB99F-F398-49C3-83A2-DE8392F13A51\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEFD67F1-8FB1-4F27-8B97-59DF78DE41A1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_6841_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"1021FD6B-50A7-40E1-8081-F7BD80777E75\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE4960B1-22B4-4B3D-955E-684DA520A1A5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_6851_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"4CEB6D52-F968-4D81-A0E0-F9E81CCBF1AF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5809CA01-CF32-4E3A-A771-01D5065F0061\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"E38A06CF-5C29-47EA-8E63-45DED1085864\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C05A7CA6-AD58-45D7-AF32-129E22855D8E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_6871_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"F94AED70-743C-4764-A342-5503649852CF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"864B486C-71F6-4EFD-8F04-BA7FC18DFD5B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7\\\\(1\\\\)\",\"matchCriteriaId\":\"80C0B9B7-C7F6-4FF8-9CDD-F823516C0F31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"0A4A4B0F-3A7C-4EE9-A6ED-4C1E1C4AAD57\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7260C17-7067-47AD-995F-366A5E8B10E7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7\\\\(1\\\\)\",\"matchCriteriaId\":\"FEE05ACF-E50D-478A-B24D-5DFDADAC14C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"A6DB7E94-661F-4447-9338-1BCB46CCE665\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7\\\\(1\\\\)\",\"matchCriteriaId\":\"7F3968E7-EFA1-42FF-B62B-8D76B1F9AE70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"7AF864D9-B587-4FCE-BEB2-9A1EC49DF8F7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73CF8A50-11BD-4506-BF2A-CCA36BF59EFF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7\\\\(1\\\\)\",\"matchCriteriaId\":\"25CEB9EC-D645-4EFE-AAC3-8EAB120B654F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"801FD445-7410-457C-98CC-F839427CEBD4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E52C420C-FD54-4BE4-8720-E05307D53520\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7\\\\(1\\\\)\",\"matchCriteriaId\":\"21B5DDF7-4B8D-4E26-B816-1981F29B35AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"4BE38659-4111-4D7D-8B6C-54B7D28EE5A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0CC3127-3152-4906-9FE0-BC6F21DCADAA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7\\\\(1\\\\)\",\"matchCriteriaId\":\"9C25A9EF-0963-4BEA-9183-B21CA2871C03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"6F64960C-05A6-4150-9307-8890F617B077\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7944CC9C-AE08-4F30-AF65-134DADBD0FA1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7\\\\(1\\\\)\",\"matchCriteriaId\":\"F1498AAB-2129-48F0-9985-60667F4484E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"D85F9FDA-AA2E-4E40-A4C0-086ABA8CC238\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AF6DC5E-F582-445E-BF05-2D55A0954663\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7\\\\(1\\\\)\",\"matchCriteriaId\":\"DDC48168-00E4-44F4-82A0-AB3A3F12E934\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"6487419F-6DC3-4606-87B3-B429314E00D4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"090EE553-01D5-45F0-87A4-E1167F46EB77\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7\\\\(1\\\\)\",\"matchCriteriaId\":\"13C4E4FC-0B10-4447-8EF6-9D82C833DA20\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"31CC8824-E700-4D80-9F96-5076D4DA7816\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A313E64A-F43C-4FBA-A389-6171CBD709C0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.7\\\\(1\\\\)\",\"matchCriteriaId\":\"4A8762CE-FDC4-4C8B-BA64-8867711CDB46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3\\\\(1\\\\)sr1\",\"matchCriteriaId\":\"ECD950B5-786D-4C9C-BB33-3F9DF41891F6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB99B9AB-64B5-4989-9579-A1BB5D2D87EF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.3\\\\(1\\\\)sr6\",\"matchCriteriaId\":\"E9495099-FC90-46E7-8B86-1BC8B9B055B5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:unified_ip_conference_phone_8831:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"660475FD-8475-4968-9ED2-D83461B9A5D4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:unified_ip_conference_phone_8831_for_third-party_call_control_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5699693-DBEC-429F-B67E-0B1625818FAB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:unified_ip_conference_phone_8831_for_third-party_call_control:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA7AA843-E37E-42A0-BD4C-9710BDD50D9B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.0\\\\(5\\\\)sr2\",\"matchCriteriaId\":\"B20E2DFB-CBEB-4A0A-B099-3D5C7A973EC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F97DF354-7690-417E-B223-72C8BDA36DA7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:wireless_ip_phone_8821-ex_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.0\\\\(5\\\\)sr2\",\"matchCriteriaId\":\"A40EB66A-AEA5-449A-B025-996882A25DC9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:wireless_ip_phone_8821-ex:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26CAE4C7-EADB-41A9-BE48-1A4F3D8D3D7A\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"Cisco IP phone\", \"vendor\": \"Cisco\", \"versions\": [{\"lessThan\": \"12.7(1)\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2020-02-05T00:00:00\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.\"}], \"metrics\": [{\"cvssV3_0\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"ADJACENT_NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.0\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-20\", \"description\": \"CWE-20\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2020-02-05T18:06:07\", \"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\"}, \"references\": [{\"name\": \"20200205 Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\"], \"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos\"}, {\"tags\": [\"x_refsource_MISC\"], \"url\": \"http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html\"}], \"source\": {\"advisory\": \"cisco-sa-20200205-voip-phones-rce-dos\", \"defect\": [[\"CSCvr96057\", \"CSCvr96058\", \"CSCvr96059\", \"CSCvr96060\", \"CSCvr96063\", \"CSCvr96064\", \"CSCvr96065\", \"CSCvr96066\", \"CSCvr96067\", \"CSCvr96069\", \"CSCvr96070\", \"CSCvr96071\", \"CSCvr96738\", \"CSCvr96739\"]], \"discovery\": \"INTERNAL\"}, \"title\": \"Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability\", \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"psirt@cisco.com\", \"DATE_PUBLIC\": \"2020-02-05T16:00:00-0800\", \"ID\": \"CVE-2020-3111\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"Cisco IP phone\", \"version\": {\"version_data\": [{\"affected\": \"\u003c\", \"version_affected\": \"\u003c\", \"version_value\": \"12.7(1)\"}]}}]}, \"vendor_name\": \"Cisco\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).\"}]}, \"exploit\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory.\"}], \"impact\": {\"cvss\": {\"baseScore\": \"8.8\", \"vectorString\": \"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"version\": \"3.0\"}}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-20\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"20200205 Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability\", \"refsource\": \"CISCO\", \"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos\"}, {\"name\": \"http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html\", \"refsource\": \"MISC\", \"url\": \"http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html\"}]}, \"source\": {\"advisory\": \"cisco-sa-20200205-voip-phones-rce-dos\", \"defect\": [[\"CSCvr96057\", \"CSCvr96058\", \"CSCvr96059\", \"CSCvr96060\", \"CSCvr96063\", \"CSCvr96064\", \"CSCvr96065\", \"CSCvr96066\", \"CSCvr96067\", \"CSCvr96069\", \"CSCvr96070\", \"CSCvr96071\", \"CSCvr96738\", \"CSCvr96739\"]], \"discovery\": \"INTERNAL\"}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T07:24:00.455Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"name\": \"20200205 Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability\", \"tags\": [\"vendor-advisory\", \"x_refsource_CISCO\", \"x_transferred\"], \"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos\"}, {\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2020-3111\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-15T16:25:09.510937Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-15T16:26:07.542Z\"}}]}",
      "cveMetadata": "{\"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"assignerShortName\": \"cisco\", \"cveId\": \"CVE-2020-3111\", \"datePublished\": \"2020-02-05T17:40:15.678994Z\", \"dateReserved\": \"2019-12-12T00:00:00\", \"dateUpdated\": \"2024-11-15T17:42:42.854Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.