VAR-202004-1234
Vulnerability from variot - Updated: 2023-12-18 13:28A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. Cisco IP Phones There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco IP Phone 7811, etc. are all IP phones of the American company Cisco.
There are input validation error vulnerabilities in the Web servers of many Cisco products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202004-1234",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ip phone 7861",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "ip phone 7841",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "ip phone 8861",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(5\\)sr1"
},
{
"model": "ip phone 8851",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(5\\)sr1"
},
{
"model": "ip phone 8865",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(5\\)sr1"
},
{
"model": "ip phone 8845",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)es14"
},
{
"model": "ip phone 8821",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "ip phone 8821-ex",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(5\\)sr1"
},
{
"model": "ip phone 8841",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)es14"
},
{
"model": "8831",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)es14"
},
{
"model": "ip phone 7811",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "ip phone 8861",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "ip phone 8851",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "ip phone 8811",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)es14"
},
{
"model": "ip phone 8821-ex",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "8831",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(5\\)sr1"
},
{
"model": "ip phone 8845",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(5\\)sr1"
},
{
"model": "ip phone 8865",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "ip phone 8841",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(5\\)sr1"
},
{
"model": "ip phone 8811",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(5\\)sr1"
},
{
"model": "ip phone 7821",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "ip phone 8845",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "8831",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "ip phone 8841",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "ip phone 8821",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)es14"
},
{
"model": "ip phone 8865",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)es14"
},
{
"model": "ip phone 8811",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(1\\)"
},
{
"model": "ip phone 8861",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)es14"
},
{
"model": "ip phone 8821-ex",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)es14"
},
{
"model": "ip phone 8851",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "10.3\\(1\\)es14"
},
{
"model": "ip phone 8821",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "11.0\\(5\\)sr1"
},
{
"model": "ip phone 7811",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 7821",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 7841",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 7861",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 8811",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 8841",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 8845",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 8851",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 8861",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone 8865",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7861"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7811"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7821"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "7841"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8811"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8841"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8845"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8851"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8861"
},
{
"model": "ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8865"
},
{
"model": "unified ip conference phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8831"
},
{
"model": "wireless ip phone",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "8821"
},
{
"model": "wireless ip phone 8821-ex",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31998"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004772"
},
{
"db": "NVD",
"id": "CVE-2020-3161"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8865_firmware:10.3\\(1\\)es14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8865_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8865_firmware:11.0\\(5\\)sr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8851_firmware:10.3\\(1\\)es14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8851_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8851_firmware:11.0\\(5\\)sr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_7841_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_7821_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8811_firmware:10.3\\(1\\)es14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8811_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8811_firmware:11.0\\(5\\)sr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8861_firmware:10.3\\(1\\)es14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8861_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8861_firmware:11.0\\(5\\)sr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8845_firmware:10.3\\(1\\)es14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8845_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8845_firmware:11.0\\(5\\)sr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_7861_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8841_firmware:10.3\\(1\\)es14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8841_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8841_firmware:11.0\\(5\\)sr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_7811_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8821_firmware:10.3\\(1\\)es14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8821_firmware:11.0\\(5\\)sr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8821:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8821-ex_firmware:10.3\\(1\\)es14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8821-ex_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:ip_phone_8821-ex_firmware:11.0\\(5\\)sr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:ip_phone_8821-ex:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:cisco:8831_firmware:10.3\\(1\\)es14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:8831_firmware:11.0\\(1\\):*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:cisco:8831_firmware:11.0\\(5\\)sr1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:8831:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3161"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Baines",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1099"
}
],
"trust": 0.6
},
"cve": "CVE-2020-3161",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2020-004772",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-31998",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2020-3161",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ykramarz@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2020-004772",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-3161",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ykramarz@cisco.com",
"id": "CVE-2020-3161",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2020-004772",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2020-31998",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202004-1099",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2020-3161",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31998"
},
{
"db": "VULMON",
"id": "CVE-2020-3161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004772"
},
{
"db": "NVD",
"id": "CVE-2020-3161"
},
{
"db": "NVD",
"id": "CVE-2020-3161"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1099"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. Cisco IP Phones There is an input verification vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Cisco IP Phone 7811, etc. are all IP phones of the American company Cisco. \n\r\n\r\nThere are input validation error vulnerabilities in the Web servers of many Cisco products",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-3161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004772"
},
{
"db": "CNVD",
"id": "CNVD-2020-31998"
},
{
"db": "VULMON",
"id": "CVE-2020-3161"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-3161",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "157265",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004772",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-31998",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1321.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.1321",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "48342",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1099",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-3161",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31998"
},
{
"db": "VULMON",
"id": "CVE-2020-3161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004772"
},
{
"db": "NVD",
"id": "CVE-2020-3161"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1099"
}
]
},
"id": "VAR-202004-1234",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31998"
}
],
"trust": 0.97675563
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31998"
}
]
},
"last_update_date": "2023-12-18T13:28:09.779000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "cisco-sa-voip-phones-rce-dos-rB6EeRXs",
"trust": 0.8,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-voip-phones-rce-dos-rb6eerxs"
},
{
"title": "Patch for Multiple Cisco product input verification error vulnerabilities (CNVD-2020-31998)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/220745"
},
{
"title": "Multiple Cisco Product input verification error vulnerability fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=117144"
},
{
"title": "Cisco: Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-voip-phones-rce-dos-rb6eerxs"
},
{
"title": "CVE-2020-3161",
"trust": 0.1,
"url": "https://github.com/uromulouinthehouse/cve-2020-3161 "
},
{
"title": "CVE-2020-3161",
"trust": 0.1,
"url": "https://github.com/abood05972/cve-2020-3161 "
},
{
"title": "CVE-2020-3161",
"trust": 0.1,
"url": "https://github.com/uromulou/cve-2020-3161 "
},
{
"title": "CVE-2020-3161",
"trust": 0.1,
"url": "https://github.com/urromulou/cve-2020-3161 "
},
{
"title": "CVE-2020-3161-REMAKE",
"trust": 0.1,
"url": "https://github.com/uromulou/cve-2020-3161-remake "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/soosmile/poc "
},
{
"title": "PoC",
"trust": 0.1,
"url": "https://github.com/jonathan-elias/poc "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000s/poc-in-github "
},
{
"title": "PoC-in-GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/poc-in-github "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/critical-cisco-ip-phone-rce-flaw/154864/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31998"
},
{
"db": "VULMON",
"id": "CVE-2020-3161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004772"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1099"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004772"
},
{
"db": "NVD",
"id": "CVE-2020-3161"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-voip-phones-rce-dos-rb6eerxs"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-3161"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/157265/cisco-ip-phone-11.7-denial-of-service.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3161"
},
{
"trust": 0.6,
"url": "https://www.exploit-db.com/exploits/48342"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-ip-phone-code-execution-via-web-server-32043"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1321.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.1321/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://github.com/uromulouinthehouse/cve-2020-3161"
},
{
"trust": 0.1,
"url": "https://github.com/abood05972/cve-2020-3161"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-31998"
},
{
"db": "VULMON",
"id": "CVE-2020-3161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004772"
},
{
"db": "NVD",
"id": "CVE-2020-3161"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1099"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-31998"
},
{
"db": "VULMON",
"id": "CVE-2020-3161"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-004772"
},
{
"db": "NVD",
"id": "CVE-2020-3161"
},
{
"db": "CNNVD",
"id": "CNNVD-202004-1099"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31998"
},
{
"date": "2020-04-15T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3161"
},
{
"date": "2020-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004772"
},
{
"date": "2020-04-15T20:15:15.097000",
"db": "NVD",
"id": "CVE-2020-3161"
},
{
"date": "2020-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1099"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-06-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-31998"
},
{
"date": "2021-08-12T00:00:00",
"db": "VULMON",
"id": "CVE-2020-3161"
},
{
"date": "2020-05-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-004772"
},
{
"date": "2021-08-12T18:19:39.917000",
"db": "NVD",
"id": "CVE-2020-3161"
},
{
"date": "2021-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202004-1099"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1099"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco IP Phones Input verification vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-004772"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202004-1099"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…