VDB
VAR-202004-1234
VAR-202004-1234
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.
Risk Scores
CVSS 3.0
9.800000190734863
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco IP phone | n/a |
Exploit Intelligence
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3161 (circl)
- 20200415 Cisco IP Phones Web Server Remote Code Execution and Denial of Service Vulnerability (circl)
- http://packetstormsecurity.com/files/157265/Cisco-IP-Phone-11.7-Denial-Of-Service.html (circl)
- CIRCL exploited: CVE-2020-3161 (circl-sighting)
- CIRCL seen: CVE-2020-3161 (circl-sighting)
- CIRCL seen: CVE-2020-3161 (circl-sighting)
- CIRCL seen: CVE-2020-3161 (circl-sighting)
- CIRCL seen: CVE-2020-3161 (circl-sighting)
Timeline
- Jun 9, 2016 CVE Published
- Nov 8, 2021 PoC Published
- Nov 20, 2021 PoC Published
- Dec 24, 2024 PoC Published
- Feb 23, 2025 PoC Published
- Feb 2, 2026 PoC Published