{"containers": {"cna": {"affected": [{"product": "Cisco IP Phones with Multiplatform Firmware", "vendor": "Cisco", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2020-11-04T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-371", "description": "CWE-371", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-11-06T18:16:31", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20201104 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv"}], "source": {"advisory": "cisco-sa-voip-phone-flood-dos-YnU9EXOv", "defect": [["CSCvs66815", "CSCvt83239", "CSCvu36012", "CSCvu36026"]], "discovery": "INTERNAL"}, "title": "Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-11-04T16:00:00", "ID": "CVE-2020-3574", "STATE": "PUBLIC", "TITLE": "Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco IP Phones with Multiplatform Firmware", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "7.5", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-371"}]}]}, "references": {"reference_data": [{"name": "20201104 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv"}]}, "source": {"advisory": "cisco-sa-voip-phone-flood-dos-YnU9EXOv", "defect": [["CSCvs66815", "CSCvt83239", "CSCvu36012", "CSCvu36026"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:37:55.701Z"}, "title": "CVE Program Container", "references": [{"name": "20201104 Cisco IP Phone TCP Packet Flood Denial of Service Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3574", "datePublished": "2020-11-06T18:16:31.678368Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-09-17T00:42:12.966Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_dect_210_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC3C8D7D-A5B0-4771-9665-D0258312BB8D", "versionEndExcluding": "4.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_dect_210:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B6E163D-94B8-453B-8189-804A7C1DE8DA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_dect_6825_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B835D24-DA8B-4E9F-8731-8E53438CB912", "versionEndExcluding": "4.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_dect_6825:-:*:*:*:*:*:*:*", "matchCriteriaId": "4713CBC4-DC13-4D0E-83E6-34F4AAF07A58", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8811_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BEAB12F-7C8B-4960-9161-89714A4DEF42", "versionEndExcluding": "11.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8811:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0CC3127-3152-4906-9FE0-BC6F21DCADAA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8841_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "366D15A9-2EBE-4CB9-A2DF-D5D575598744", "versionEndExcluding": "11.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8841:-:*:*:*:*:*:*:*", "matchCriteriaId": "7944CC9C-AE08-4F30-AF65-134DADBD0FA1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8851_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "F7907FF6-F949-45FA-910C-FF111140594B", "versionEndExcluding": "11.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8851:-:*:*:*:*:*:*:*", "matchCriteriaId": "8AF6DC5E-F582-445E-BF05-2D55A0954663", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:ip_phone_8861_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "4709CCDB-04A6-4E63-A4E9-02904E44FA65", "versionEndExcluding": "11.3.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:ip_phone_8861:-:*:*:*:*:*:*:*", "matchCriteriaId": "090EE553-01D5-45F0-87A4-E1167F46EB77", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_ip_conference_phone_8831_firmware:9.3\\(4\\):servicerelease3:*:*:*:*:*:*", "matchCriteriaId": "5773D5CD-4D6E-468C-A07A-C8A707B11FF9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:unified_ip_conference_phone_8831:-:*:*:*:*:*:*:*", "matchCriteriaId": "660475FD-8475-4968-9ED2-D83461B9A5D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:webex_room_phone_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8831D2CE-55CD-4D5D-A9FB-3D9AC04DE5D1", "versionEndExcluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:webex_room_phone:-:*:*:*:*:*:*:*", "matchCriteriaId": "060033D2-5332-4C89-813A-3780E1619DFD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the TCP packet processing functionality of Cisco IP Phones could allow an unauthenticated, remote attacker to cause the phone to stop responding to incoming calls, drop connected calls, or unexpectedly reload. The vulnerability is due to insufficient TCP ingress packet rate limiting. An attacker could exploit this vulnerability by sending a high and sustained rate of crafted TCP traffic to the targeted device. A successful exploit could allow the attacker to impact operations of the phone or cause the phone to reload, leading to a denial of service (DoS) condition."}, {"lang": "es", "value": "Una vulnerabilidad en la funcionalidad TCP packet processing de Cisco IP Phones, podr\u00eda permitir a un atacante remoto no autenticado causar que el tel\u00e9fono dejara de responder a las llamadas entrantes, abandonara las llamadas conectadas o se recargara inesperadamente. La vulnerabilidad es debido a una limitaci\u00f3n insuficiente de la tasa de paquetes de entrada TCP. Un atacante podr\u00eda explotar esta vulnerabilidad mediante el env\u00edo una tasa alta y sostenida de tr\u00e1fico TCP dise\u00f1ado hacia el dispositivo apuntado. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante afectar las operaciones del tel\u00e9fono o hacer que el tel\u00e9fono se recargue, dando lugar a una condici\u00f3n de denegaci\u00f3n de servicio (DoS)"}], "id": "CVE-2020-3574", "lastModified": "2023-11-07T03:22:56.323", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "ykramarz@cisco.com", "type": "Secondary"}]}, "published": "2020-11-06T19:15:14.847", "references": [{"source": "ykramarz@cisco.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phone-flood-dos-YnU9EXOv"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-371"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}