GSD-2020-3161 — Vulnetix

GSD-2020-3161 PUBLISHED CVSS 9.800000190734863 CRITICAL

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.

Risk Scores

CVSS v3.0

9.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Cisco	Cisco IP phone	*

Timeline

Jun 9, 2016 CVE Published
Nov 8, 2021 PoC Published
Nov 20, 2021 PoC Published
Dec 24, 2024 PoC Published
Feb 23, 2025 PoC Published
Feb 2, 2026 PoC Published

References

20200415 Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability vendor-advisory
http://packetstormsecurity.com/files/157265/Cisco-IP-Phone-11.7-Denial-Of-Service.html url
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3161 url

Open in Interactive Console →