A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Metrics

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Cisco
  • Ip Conference Phone 7832
  • Ip Conference Phone 7832 Firmware
  • Ip Conference Phone 7832 With Multiplatform Firmware
  • Ip Conference Phone 8832
  • Ip Conference Phone 8832 Firmware
  • Ip Conference Phone 8832 With Multiplatform Firmware
  • Ip Phone 6821
  • Ip Phone 6821 Firmware
  • Ip Phone 6841
  • Ip Phone 6841 Firmware
  • Ip Phone 6851
  • Ip Phone 6851 Firmware
  • Ip Phone 6861
  • Ip Phone 6861 Firmware
  • Ip Phone 6871
  • Ip Phone 6871 Firmware
  • Ip Phone 7811
  • Ip Phone 7811 Firmware
  • Ip Phone 7811 With Multiplatform Firmware
  • Ip Phone 7821
  • Ip Phone 7821 Firmware
  • Ip Phone 7821 With Multiplatform Firmware
  • Ip Phone 7841
  • Ip Phone 7841 Firmware
  • Ip Phone 7841 With Multiplatform Firmware
  • Ip Phone 7861
  • Ip Phone 7861 Firmware
  • Ip Phone 7861 With Multiplatform Firmware
  • Ip Phone 8811
  • Ip Phone 8811 Firmware
  • Ip Phone 8811 With Multiplatform Firmware
  • Ip Phone 8841
  • Ip Phone 8841 Firmware
  • Ip Phone 8841 With Multiplatform Firmware
  • Ip Phone 8845
  • Ip Phone 8845 Firmware
  • Ip Phone 8845 With Multiplatform Firmware
  • Ip Phone 8851
  • Ip Phone 8851 Firmware
  • Ip Phone 8851 With Multiplatform Firmware
  • Ip Phone 8861
  • Ip Phone 8861 Firmware
  • Ip Phone 8861 With Multiplatform Firmware
  • Ip Phone 8865
  • Ip Phone 8865 Firmware
  • Ip Phone 8865 With Multiplatform Firmware
  • Unified Ip Conference Phone 8831
  • Unified Ip Conference Phone 8831 Firmware
  • Unified Ip Conference Phone 8831 For Third-party Call Control
  • Unified Ip Conference Phone 8831 For Third-party Call Control Firmware
  • Wireless Ip Phone 8821
  • Wireless Ip Phone 8821-ex
  • Wireless Ip Phone 8821-ex Firmware
  • Wireless Ip Phone 8821 Firmware

Configuration 1 [-]

AND
OR cpe:2.3:o:cisco:ip_conference_phone_7832_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_conference_phone_7832_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_conference_phone_7832:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:o:cisco:ip_conference_phone_8832_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_conference_phone_8832_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_conference_phone_8832:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:cisco:ip_phone_6821_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_6821:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:cisco:ip_phone_6841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_6841:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:cisco:ip_phone_6851_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_6851:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:cisco:ip_phone_6861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_6861:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:cisco:ip_phone_6871_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_6871:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_7811_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7811:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_7821_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7821_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7821:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_7841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7841:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_7861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_7861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_7861:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8811_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8841_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8851_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8861_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8845_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8845_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8845:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
OR cpe:2.3:o:cisco:ip_phone_8865_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:cisco:ip_phone_8865_with_multiplatform_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:ip_phone_8865:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_conference_phone_8831:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:cisco:unified_ip_conference_phone_8831_for_third-party_call_control_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:unified_ip_conference_phone_8831_for_third-party_call_control:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:cisco:wireless_ip_phone_8821_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_ip_phone_8821:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:cisco:wireless_ip_phone_8821-ex_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:cisco:wireless_ip_phone_8821-ex:-:*:*:*:*:*:*:*

No data.

References
Link Providers
http://packetstormsecurity.com/files/156203/Cisco-Discovery-Protocol-CDP-Remote-Device-Takeover.html cve-icon cve-icon
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200205-voip-phones-rce-dos cve-icon cve-icon
History

Fri, 15 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}
cve-icon MITRE

Status: PUBLISHED

Assigner: cisco

Published: 2020-02-05T17:40:15.678994Z

Updated: 2024-11-15T17:42:42.854Z

Reserved: 2019-12-12T00:00:00

Link: CVE-2020-3111

cve-icon Vulnrichment

Updated: 2024-08-04T07:24:00.455Z

cve-icon NVD

Status : Modified

Published: 2020-02-05T18:15:10.783

Modified: 2024-11-21T05:30:20.897

Link: CVE-2020-3111

cve-icon Redhat

No data.