{"containers": {"cna": {"affected": [{"product": "Cisco IP phone", "vendor": "Cisco", "versions": [{"lessThan": "12.7(1)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-02-05T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-02-05T18:06:07.000Z", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200205 Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"}], "source": {"advisory": "cisco-sa-20200205-voip-phones-rce-dos", "defect": [["CSCvr96057", "CSCvr96058", "CSCvr96059", "CSCvr96060", "CSCvr96063", "CSCvr96064", "CSCvr96065", "CSCvr96066", "CSCvr96067", "CSCvr96069", "CSCvr96070", "CSCvr96071", "CSCvr96738", "CSCvr96739"]], "discovery": "INTERNAL"}, "title": "Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-02-05T16:00:00-0800", "ID": "CVE-2020-3111", "STATE": "PUBLIC", "TITLE": "Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IP phone", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "12.7(1)"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "8.8", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "20200205 Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos"}, {"name": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"}]}, "source": {"advisory": "cisco-sa-20200205-voip-phones-rce-dos", "defect": [["CSCvr96057", "CSCvr96058", "CSCvr96059", "CSCvr96060", "CSCvr96063", "CSCvr96064", "CSCvr96065", "CSCvr96066", "CSCvr96067", "CSCvr96069", "CSCvr96070", "CSCvr96071", "CSCvr96738", "CSCvr96739"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:24:00.455Z"}, "title": "CVE Program Container", "references": [{"name": "20200205 Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-15T16:25:09.510937Z", "id": "CVE-2020-3111", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T17:42:42.854Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3111", "datePublished": "2020-02-05T17:40:15.678Z", "dateReserved": "2019-12-12T00:00:00.000Z", "dateUpdated": "2024-11-15T17:42:42.854Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos", "name": "20200205 Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:24:00.455Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2020-3111", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-15T16:25:09.510937Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T16:26:07.542Z"}}], "cna": {"title": "Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability", "source": {"defect": [["CSCvr96057", "CSCvr96058", "CSCvr96059", "CSCvr96060", "CSCvr96063", "CSCvr96064", "CSCvr96065", "CSCvr96066", "CSCvr96067", "CSCvr96069", "CSCvr96070", "CSCvr96071", "CSCvr96738", "CSCvr96739"]], "advisory": "cisco-sa-20200205-voip-phones-rce-dos", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco IP phone", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "12.7(1)", "versionType": "custom"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2020-02-05T00:00:00.000Z", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos", "name": "20200205 Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}, {"url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2020-02-05T18:06:07.000Z"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "8.8", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}, "source": {"defect": [["CSCvr96057", "CSCvr96058", "CSCvr96059", "CSCvr96060", "CSCvr96063", "CSCvr96064", "CSCvr96065", "CSCvr96066", "CSCvr96067", "CSCvr96069", "CSCvr96070", "CSCvr96071", "CSCvr96738", "CSCvr96739"]], "advisory": "cisco-sa-20200205-voip-phones-rce-dos", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"affected": "<", "version_value": "12.7(1)", "version_affected": "<"}]}, "product_name": "Cisco IP phone"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is aware of public announcements about this vulnerability. Cisco PSIRT is not aware of any malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos", "name": "20200205 Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability", "refsource": "CISCO"}, {"url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html", "name": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2020-3111", "STATE": "PUBLIC", "TITLE": "Cisco IP Phone Remote Code Execution and Denial of Service Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-02-05T16:00:00-0800"}}}}, "cveMetadata": {"cveId": "CVE-2020-3111", "state": "PUBLISHED", "dateUpdated": "2024-11-15T17:42:42.854Z", "dateReserved": "2019-12-12T00:00:00.000Z", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2020-02-05T17:40:15.678Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "2C412D40-7E0A-4FF1-9D07-21117B915509", "versionEndExcluding": "12.7\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A2F31BA-AF80-4C21-9FD0-A0DB1D304024", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*", "matchCriteriaId": "6592E7FE-346E-4923-97C2-F5298DC802A3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6158B805-6515-4DC3-AB76-1D2F7036492F", "versionEndExcluding": "12.7\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8096985-5813-4098-BF38-FD09CB2ACBFA", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*", "matchCriteriaId": "F1010D16-DC6E-47A6-8BF9-C1026D975E3D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_6821_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "327BB99F-F398-49C3-83A2-DE8392F13A51", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:*", "matchCriteriaId": "AEFD67F1-8FB1-4F27-8B97-59DF78DE41A1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_6841_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1021FD6B-50A7-40E1-8081-F7BD80777E75", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*", "matchCriteriaId": "CE4960B1-22B4-4B3D-955E-684DA520A1A5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_6851_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CEB6D52-F968-4D81-A0E0-F9E81CCBF1AF", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*", "matchCriteriaId": "5809CA01-CF32-4E3A-A771-01D5065F0061", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E38A06CF-5C29-47EA-8E63-45DED1085864", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*", "matchCriteriaId": "C05A7CA6-AD58-45D7-AF32-129E22855D8E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_6871_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F94AED70-743C-4764-A342-5503649852CF", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*", "matchCriteriaId": "864B486C-71F6-4EFD-8F04-BA7FC18DFD5B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "80C0B9B7-C7F6-4FF8-9CDD-F823516C0F31", "versionEndExcluding": "12.7\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A4A4B0F-3A7C-4EE9-A6ED-4C1E1C4AAD57", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7260C17-7067-47AD-995F-366A5E8B10E7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "FEE05ACF-E50D-478A-B24D-5DFDADAC14C1", "versionEndExcluding": "12.7\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6DB7E94-661F-4447-9338-1BCB46CCE665", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*", "matchCriteriaId": "AE7AFFF0-5B21-400B-B923-E9B7FCCE08FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F3968E7-EFA1-42FF-B62B-8D76B1F9AE70", "versionEndExcluding": "12.7\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AF864D9-B587-4FCE-BEB2-9A1EC49DF8F7", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*", "matchCriteriaId": "73CF8A50-11BD-4506-BF2A-CCA36BF59EFF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "25CEB9EC-D645-4EFE-AAC3-8EAB120B654F", "versionEndExcluding": "12.7\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "801FD445-7410-457C-98CC-F839427CEBD4", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*", "matchCriteriaId": "E52C420C-FD54-4BE4-8720-E05307D53520", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21B5DDF7-4B8D-4E26-B816-1981F29B35AA", "versionEndExcluding": "12.7\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BE38659-4111-4D7D-8B6C-54B7D28EE5A9", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C25A9EF-0963-4BEA-9183-B21CA2871C03", "versionEndExcluding": "12.7\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F64960C-05A6-4150-9307-8890F617B077", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*", "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1498AAB-2129-48F0-9985-60667F4484E4", "versionEndExcluding": "12.7\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D85F9FDA-AA2E-4E40-A4C0-086ABA8CC238", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DDC48168-00E4-44F4-82A0-AB3A3F12E934", "versionEndExcluding": "12.7\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "6487419F-6DC3-4606-87B3-B429314E00D4", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*", "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "13C4E4FC-0B10-4447-8EF6-9D82C833DA20", "versionEndExcluding": "12.7\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "31CC8824-E700-4D80-9F96-5076D4DA7816", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*", "matchCriteriaId": "A313E64A-F43C-4FBA-A389-6171CBD709C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A8762CE-FDC4-4C8B-BA64-8867711CDB46", "versionEndExcluding": "12.7\\(1\\)", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "ECD950B5-786D-4C9C-BB33-3F9DF41891F6", "versionEndExcluding": "11.3\\(1\\)sr1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*", "matchCriteriaId": "BB99B9AB-64B5-4989-9579-A1BB5D2D87EF", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9495099-FC90-46E7-8B86-1BC8B9B055B5", "versionEndExcluding": "10.3\\(1\\)sr6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_conference_phone_8831:-:*:*:*:*:*:*:*", "matchCriteriaId": "660475FD-8475-4968-9ED2-D83461B9A5D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_conference_phone_8831_for_third-party_call_control_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D5699693-DBEC-429F-B67E-0B1625818FAB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_conference_phone_8831_for_third-party_call_control:-:*:*:*:*:*:*:*", "matchCriteriaId": "EA7AA843-E37E-42A0-BD4C-9710BDD50D9B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B20E2DFB-CBEB-4A0A-B099-3D5C7A973EC9", "versionEndExcluding": "11.0\\(5\\)sr2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*", "matchCriteriaId": "F97DF354-7690-417E-B223-72C8BDA36DA7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wireless_ip_phone_8821-ex_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A40EB66A-AEA5-449A-B025-996882A25DC9", "versionEndExcluding": "11.0\\(5\\)sr2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wireless_ip_phone_8821-ex:-:*:*:*:*:*:*:*", "matchCriteriaId": "26CAE4C7-EADB-41A9-BE48-1A4F3D8D3D7A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent)."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n de Cisco Discovery Protocol para Cisco IP Phone, podr\u00eda permitir a un atacante adyacente no autenticado ejecutar c\u00f3digo remotamente con privilegios root o causar una recarga de un tel\u00e9fono IP afectado. La vulnerabilidad es debido a una falta de comprobaciones cuando se procesan los mensajes de Cisco Discovery Protocol. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo de un paquete de Cisco Discovery Protocol dise\u00f1ado hacia el tel\u00e9fono IP apuntado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo remotamente con privilegios root o provocar una recarga de un tel\u00e9fono IP afectado, resultando en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Cisco Discovery Protocol es un protocolo de Capa 2. Para explotar esta vulnerabilidad, un atacante debe encontrarse en el mismo dominio de difusi\u00f3n que el dispositivo afectado (Capa 2 adyacente)."}], "id": "CVE-2020-3111", "lastModified": "2024-11-21T05:30:20.897", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-05T18:15:10.783", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}