CVE-2020-3111

A vulnerability in the Cisco Discovery Protocol implementation for the Cisco IP Phone could allow an unauthenticated, adjacent attacker to remotely execute code with root privileges or cause a reload of an affected IP phone. The vulnerability is due to missing checks when processing Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to the targeted IP phone. A successful exploit could allow the attacker to remotely execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).

Severity	HIGH
CVSS	8.8
CWE	CWE-20
KEV
Published	6 years ago
Modified	1 year ago

Related Products

Product	Advisory
Cisco RV Series Routers	cisco-sa-20200205-voip-phones-rce-dos
Cisco Nexus Dashboard	cisco-sa-20200205-voip-phones-rce-dos
Cisco 8000 Series Routers	cisco-sa-20200205-voip-phones-rce-dos
Cisco Small Business IP Phones	cisco-sa-20200205-voip-phones-rce-dos
Cisco IP phone	cisco-sa-20200205-voip-phones-rce-dos
Cisco IP Phone 8800 Series with Multiplatform Firmware	cisco-sa-20200205-voip-phones-rce-dos
Cisco IP Phone 8800 Series Software	cisco-sa-20200205-voip-phones-rce-dos
Cisco IP Phone 7800 Series with Multiplatform Firmware	cisco-sa-20200205-voip-phones-rce-dos
Cisco IP Phone 7800 Series	cisco-sa-20200205-voip-phones-rce-dos
Cisco IP Phone 6800 Series with Multiplatform Firmware	cisco-sa-20200205-voip-phones-rce-dos