CISCO-SA-VOIP-PHONES-RCE-DOS-RB6EERXS
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco IP Phone 8800 Series with Multiplatform Firmware | ||
| Cisco IP Phone 7800 Series with Multiplatform Firmware | ||
| Cisco IP Phone 8800 Series Software | ||
| Cisco IP Phone 7800 Series | ||
| Cisco IP Phone 6800 Series with Multiplatform Firmware | ||
| Cisco IP phone |
Timeline
- Apr 15, 2020 CVE Published
- Apr 16, 2020 CVE Updated
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs advisory
- https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html url
- https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/11_0_1/secugd/CUCM_BK_C1A78C1D_00_cucm-security-guide-1101/phone_hardening.pdf url
- https://www.cisco.com/c/en/us/products/end-user-license-agreement.html url
- https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes url
- https://www.cisco.com/go/psirt url
- https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz03016 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs78441 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs78272 url
- https://software.cisco.com/download/navigator.html url
- https://www.cisco.com/ url
- https://software.cisco.com fix