VDB

CISCO-SA-VOIP-PHONES-RCE-DOS-RB6EERXS

CISCO-SA-VOIP-PHONES-RCE-DOS-RB6EERXS PUBLISHED CVSS 9.800000190734863 CRITICAL

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Cisco IP Phone 8800 Series with Multiplatform Firmware
Cisco IP Phone 7800 Series with Multiplatform Firmware
Cisco IP Phone 8800 Series Software
Cisco IP Phone 7800 Series
Cisco IP Phone 6800 Series with Multiplatform Firmware
Cisco IP phone

Timeline

  • Apr 15, 2020 CVE Published
  • Apr 16, 2020 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›