VAR-202004-1234 — Vulnetix

VAR-202004-1234 PUBLISHED CVSS 9.800000190734863 CRITICAL

A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of proper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web server of a targeted device. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a DoS condition.

Risk Scores

CVSS v3.0

9.800000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Cisco	Cisco IP phone	n/a

Timeline

Jun 9, 2016 CVE Published
Nov 8, 2021 PoC Published
Nov 20, 2021 PoC Published
Dec 24, 2024 PoC Published
Feb 23, 2025 PoC Published
Feb 2, 2026 PoC Published

References

Open in Interactive Console →